PREFACE


Current and future NASA programs face the challenge of achieving a high degree of mission 
success with a minimum degree of technical risk. Although technical risk has several 
elements, such as safety, reliability, and performance, a proven track record of overall system 
effectiveness ultimately will be the NASA benchmark. This will foster the accomplishment of 
mission objectives within cost and schedule expectations without compromising safety or 
program risk. A key characteristic of systems effectiveness is the implementation of 
appropriate levels of maintainability throughout the program life cycle. 

Maintainability is a process for assuring the ease by which a system can be restored to 
operation following a failure. It is an essential consideration for any program requiring ground 
and/or on-orbit maintenance. The Office of Safety and Mission Assurance (OSMA) has 
undertaken a continuous improvement initiative to develop a technical roadmap that will 
provide a path toward achieving the desired degree of maintainability while realizing cost and 
schedule benefits. Although early life cycle costs are a characteristic of any assurance 
program, operational cost savings and improved system availability almost always result from 
a properly administered maintainability assurance program. Past experience on NASA 
programs has demonstrated the value of an effective maintainability program initiated early in 
the program life cycle. 

This memorandum provides guidance towards continuous improvement of the life cycle 
development process within NASA. It has been developed from NASA, Department of 
Defense, and industry experience. The degree to which these proven techniques should be 
imposed resides with the project/program, and will require an objective evaluation of the 
applicability of each technique. However, each applicable suggestion not implemented may 
represent an increase in program risk. Also, the information presented is consistent with 
OSMA policy, which advocates an Integrated Product Team (IPT) approach for NASA 
systems acquisition. Therefore, this memorandum should be used to communicate technical 
knowledge that will promote proven maintainability design and implementation methods 
resulting in the highest possible degree of mission success while balancing cost effectiveness 
and programmatic risk. 




Frederick D. Gregory 
Associate Administrator for 
Safety and Mission Assurance 



DEVELOPING ACTIVITY 
I. INTRODUCTION


A. PURPOSE 


Maintainability is a process for assuring the ease by which a system can be restored to 
operation following a failure. Designing and operating cost effective, maintainable systems 
(both on-orbit and on the ground) has become a necessity within NASA. In addition, NASA 
cannot afford to lose public support by designing less than successful projects. In this era of 
shrinking budgets, the temptation to reduce up front costs rather than consider total program 
life cycle costs should be avoided. In the past, relaxation of R&M requirements to reduce up 
front costs has resulted in end-items that did not perform as advertised and could not be 
properly maintained in a cost effective manner. Additional costs result when attempts are 
made late in the design phase to correct for the early relaxation of requirements. 

The purpose of this manual is to present a series of recommended techniques that can 
increase overall operational effectiveness of both flight- and ground-based NASA systems. 
Although each technique contains useful information, none should be interpreted as a 
requirement. The objective is to provide a set of tools to minimize the risk associated with: 

• Restoring failed functions (both ground and flight based) 

• Conducting complex and highly visible maintenance operations 

• Sustaining a technical capability to support the NASA mission utilizing aging equipment 
or facilities. 

This document provides (1) program management considerations - key elements of an effective 
maintainability effort; (2) design and development considerations; (3) analysis and test 
considerations - quantitative and qualitative analysis processes and testing techniques; and (4) 
operations and operational design considerations that address NASA field experience. Updates 
will include a section applicable to on-orbit maintenance with practical experience from NASA 
EVA maintenance operations (including ground and on-orbit operations and ground-based 
simulations). This document is a valuable resource for continuous improvement ideas in 
executing the systems development process in accordance with the NASA "better, faster, 
smaller, and cheaper" goal without compromising mission safety. 

B. CONTROL/CONTRIBUTIONS 

This document will be revised periodically to add new techniques or revisions to the existing 
techniques as additional technical data becomes available. Contributions from aerospace 
contractors and NASA Field Installations are encouraged. Any technique based on 
project/program experience that appears appropriate for inclusion in this manual should be 
submitted for review. Submissions should be formatted identically to the techniques in this 
memorandum (Figure 1) and sent to the address below for consideration. 

National Aeronautics and Space Administration 

Code QS 

300 E Street S.W. 

Washington, DC 20546 
Organizations submitting techniques that are selected for inclusion in this manual will be
recognized on the lower portion of the first page of the published item. Contacts listed earlier in 
this document should be used for assistance. If additional information on any technique is 
desired, the contacts listed earlier in this document can be utilized for assistance. 

C. MAINTAINABILITY TECHNIQUE FORMAT SUMMARY 

The maintainability techniques included in this manual are Center-specific descriptions of 
processes that contribute to maintainability design, test, analysis and/or operations. Each 
technique follows a specific format so users can easily extract necessary information. The first 
page of each technique is a summary of the information contained, and the rest of the technique 
contains the specific detail of the process. Figure 1 shows the baseline format that has been used 
to develop each technique. 


TECHNIQUE FORMAT 


Technique Title, page number
Technique XXX-XX *


Technique : A brief statement defining the design technique and how it is used.

Benefits : A concise statement of the technical improvement and/or impact on resource expenditure
realized from implementing the technique.

Key Words : Any term that captures the theme of the technique or provides insight into the scope.
Utilized for document search purposes.

Application Experience : Identifiable programs or projects that have applied the technique within NASA
and/or industry.

Technical Rationale : A brief technical justification for the use of the technique.


Contact Center : Source of additional information, usually sponsoring NASA Center. 

Technique Description : A technical discussion that is intended to give the details of the process. The 
information should be sufficient to understand how the technique should be implemented. 

References : Publications that contain additional information about the technique. 

* Each technique within a section is identified using one of the following acronyms specific to that section,
followed by the associated sequential technique number.

• PM: Program Management

• DFE: Design Factors and Engineering 

• AT: Analysis and Test 

• OPS: Operations and Operational Design Considerations 
Program Management


A fundamental key to program and mission success is the development of systems that are reliable 
and affordable to operate and maintain with today's limited resources. Early definition of both 
hardware and software requirements that provide the capability for rapid restoration when failures 
occur is essential. While incorporation of a maintainability program may require some additional 
early investment, the resulting benefits will include operational cost savings and improved system 
availability. The techniques included in this section are intended to provide management personnel 
with an understanding of all information necessary to develop, foster, and integrate a successful 
maintainability program that will enhance mission success and lower overall costs. Each technique 
provides high-level information on a specific subject, and can be tailored or expanded to achieve 
optimum application. 
Technique: Programmatic provisions for ease of maintenance greatly enhance
hardware and software system operational effectiveness for both in-space
and ground support systems.

Benefits: Implementation of maintainability principles can reduce risk by
increasing operational availability and reducing lifecycle costs.
Provisions for system maintainability also yield long term benefits that
include decreased maintenance times, less wear and tear on project
personnel, and extended useful life of ground and in-space assets.

Key Words: System maintainability, program management, lifecycle costs,
availability, concept development, human factors

Application Experience: International Space Station Program, Hubble Space
Telescope, SRB's, Shuttle GSE, Space Acceleration Measurement System, and
others.

Technical Rationale: Maintainability requirements for programs that require
ground and/or in-space maintenance and anomaly resolution have to be
established early in the program to be cost effective. Lack of management
support to properly fund maintainability activities up-front can result in
increased program risk. Including maintainability in the design process
will greatly reduce the number of operational problems associated with
system maintenance, improve the availability of the system, and reduce
program costs.

Contact Center: All NASA Field Installations
Benefits of Implementing Maintainability
on NASA Programs 
Technique PM-1 

Over the years, NASA has successfully 
launched manned spacecraft to the moon, sent 
unmanned probes into the outer reaches of
the solar system, and developed reusable
space systems for earth orbitable missions.
NASA also performs valuable atmospheric
research and development of ground systems,
all of which contain complex hardware and
software that must be maintained during all
phases of operations and in multiple
environments. However, in this age of 
shrinking budgets, doing more with less is 
becoming the overall programmatic theme. 
NASA space flight programs are being driven 
towards more automated, compact designs in 
which fewer support resources will be 
available than in past programs. This 
technique will outline the benefits of 
implementing well-defined and user-friendly 
principles of maintainability on all NASA 
programs, regardless of the operational 
scenario. Emphasis is placed on how and 
why a maintainability program can enhance 
the effectiveness of a system and its overall
operation. It must be noted, however, that 
maintainability of unmanned deep space 
systems provides a different set of challenges. 

Maintainability is defined in NASA Handbook
5300.4(1E), "Maintainability Program
Requirements for Space Systems," as: "A 
measure of the ease and rapidity with which a 
system or equipment can be restored to 
operational status following a failure," and is 
consistent with NHB 7120.5, "Management 
of Major Systems and Projects." It is a 
characteristic of equipment and installation, 
personnel availability in the required skill 
levels, adequacy of maintenance procedures 
and test equipment, and the physical 


environment under which maintenance is 
performed. Applying maintainability principles 
will enhance the systems readiness/availability 
through factors such as visibility, accessibility, 
testability, simplicity, and interchangeability of 
the systems being maintained. Using 
maintainability prediction techniques and other 
quantitative maintainability analyses can greatly 
enhance the confidence in operational 
capabilities of a design. These predictions can 
also aid in design decisions and trade studies
where several design options are being 
considered. Also, cost savings and fewer 
schedule impacts in the operational phase of the 
program will result due to decreased 
maintenance time, minimization of support 
equipment, and increased system availability. 
Another benefit is a decrease in management 
overhead later on in the life cycle as a result of 
including maintainability planning as a full 
partner in early maintenance/logistics concept 
planning and development.

PROGRAMMATIC BENEFITS 

Maintainability Program Implementation 
Project management is responsible for 
implementing maintainability on a program via 
development of specific requirements for cost 
effective system maintenance in the early phases 
of the life cycle. Trade studies of the impacts of 
maintainability design on life cycle costs are 
used to evaluate the balance between cost of 
designing to minimize maintenance times and 
the associated increase in system availability 
resulting from the decrease in maintenance 
times. Usually, the up-front cost of designing- 
in maintainability is much less than the cost 
savings realized over the operational portion of 
the life cycle. 

Several programs have opted to accept the 
short-term cost savings by deleting
maintainability requirements in the design 
phase, but the associated increase in 
maintenance and support costs incurred
during operations would have been
significant. An example of this is the Space
Station Program, which had deleted 
requirements for on-orbit automated fault 
detection, isolation and recovery (FDIR), 
saving the program up-front money. 

However, the alternative concept was to 
increase the mission control center manpower 
during operations for ground based FDIR, but 
this presented a significant cost increase when 
averaged over the life cycle. Another positive 
example is the Hubble Space Telescope 
Program. Maintainability concepts were 
included early in the life cycle, where 
maintenance planning and optimum ORU 
usage in design saved the program significant 
costs when on-orbit repairs became 
necessary. Figure 1 accentuates the cost 
tradeoffs between introducing maintainability 
concepts into a program and the time at 
which they are introduced. These tradeoffs 
can mean the difference between a successful 
maintainability program and a costly, less 
effective one. 

The NASA systems engineering process 
should require that the system be designed for 
ease of maintenance within its specified
operating environment(s), and should ensure 
that the proper personnel (design and 
operations maintainability experts) and funds 
are committed to development of the process 
to achieve maximum program benefit.
Program schedule will be affected by lack of 
system maintainability because necessary 
ground support will increase, maintenance 
times will be higher, necessary maintenance 
actions will increase, EVA will be at a 
premium, and system availability will be 
lower. Table 1 highlights key program 
benefits. 



Maintainability Program vs. Phase 

Maintenance/Logistics Concept Development 
Development of the maintenance and logistics 
concepts for a program early in the life cycle 
must include the maintainability characteristics 
of the design. The maintenance concept is a 
plan for maintenance and support of end-items 
on a program once it is operational. It provides 
the basis for design of the operational support 
system and also defines the logistics support 
program, which will determine the application 
of spares and tools necessary for maintenance. 
The use of other logistic resources, such as 
tools and test equipment, facilities and spare 
parts, will be optimized through including 
maintainability planning as a key operational 
element. Derivation of these plans early on in 
the life cycle solidifies many operational aspects
of the program, thus allowing for integrated
design and support planning development.

Table 1: Maintainability Programmatic
Benefits

• Enhanced System Readiness/Availability

- Reduced Downtime

- Supportable Systems

- Ease of Troubleshooting and Repair

• System Growth Opportunities

- Hardware/Software Modifications

- Interchangeability

- Modular Designs

- Decreased Storage Considerations

• Reduced Maintenance Manpower

• Reduced Operational Costs

• Compatibility with other Programs

• Reduced Management Overhead

MAINTAINABILITY DESIGN BENEFITS 

Visibility 

Visibility is an element of maintainability 
design that provides the system maintainer 
visual access to a system component for 
maintenance action(s). Even short duration 
tasks such as NASA space shuttle orbiter 
component inspection can increase downtime 
if the component is blocked from view. 
Designing for visibility greatly reduces 
maintenance times. 

Accessibility 

Accessibility is the ease with which an item can
be accessed during maintenance and can
greatly impact maintenance times if not
inherent in the design, especially on systems 
where on-orbit maintenance will be required. 
When accessibility is poor, other failures are 
often caused by removal/ disconnection and 
incorrect re-installation of other items that 
hamper access, causing rework. Accessibility 
of all replaceable, maintainable items will 
provide key time and energy savings to the 
system maintainer. 


Testability 

Testability is a measure of the ability to detect 
system faults and to isolate them at the lowest 
replaceable component(s). The speed with 
which faults are diagnosed can greatly influence
downtime and maintenance costs. For example, 
deficiencies in Space Shuttle Orbiter testability 
design have caused launch delays, which 
translate to higher program costs. As 
technology advances continue to increase the 
capability and complexity of systems, use of 
automatic diagnostics as a means of FDIR 
substantially reduces the need for highly trained 
maintenance personnel and can decrease 
maintenance costs by reducing the erroneous 
replacement of non-faulty equipment. FDIR
systems include both internal diagnostic 
systems, referred to as built-in-test (BIT) or 
built-in-test-equipment (BITE), and external 
diagnostic systems, referred to as automatic test 
equipment (ATE), test sets or off-line test 
equipment used as part of a reduced ground 
support system, all of which will minimize 
down-time and cost over the operational life 
cycle. 

Simplicity 

System simplicity relates to the number of 
subsystems that are within the system, the 
number of parts in a system, and whether the 
parts are standard or special purpose. System 
simplification reduces spares investment, 
enhances the effectiveness of maintenance 
troubleshooting, and reduces the overall cost of 
the system while increasing the reliability. For 
example, the International Space Station Alpha 
program has simplified the design and 
potentially increased the on-orbit maintainability 
of the space station, thus avoiding many 
operational problems that might have flown
with the Freedom Program. One example is the 
Command and Data Handling Subsystem, 
which is the data processing backbone for the 
space station. Formerly, the system consisted 
of several different central processing units, 
multiple level architecture, and several 
different network standards. The new design 
comprises only one network standard, one 
standard CPU, and a greatly reduced number 
of orbital replaceable units (ORUs). 
Maintainability design criteria were definite 
factors in the design changes to this space 
station subsystem. 

Reduced training costs can also be a direct 
result of design simplification. Maintenance 
requires skilled personnel in quantities and 
skill levels commensurate with the complexity 
of the maintenance characteristics of the 
system. An easily maintainable system can be 
quickly restored to service by the skills of 
available maintenance personnel, thus 
increasing the availability of the system. 

Interchangeability 

Interchangeability refers to a component's 
ability to be replaced with a similar 
component without a requirement for 
recalibration. This flexibility in design 
reduces the number of maintenance 
procedures and consequently reduces 
maintenance costs. Interchangeability also 
allows for system growth with minimum 
associated costs, due to the use of standard or 
common end-items. 

Human Factors 

Human factors design requirements also 
should be applied to ensure proper design 
consideration. The human factors discipline 
identifies structure and equipment features 
that impede task performance by inhibiting or 
prohibiting maintainer body movement, and 
also identifies requirements necessary to 
provide an efficient workspace for 
maintainers. Normally, the system design 
must be well specified and represented in 
drawings or sketches before detailed 
anthropometric evaluation can be effective. 


However, early evaluation during concept 
development can assure early application of 
anthropometric considerations. Use of these 
evaluation results leads to improved designs
largely in the areas of system provisions for 
equipment access, arrangement, assembly, 
storage, and maintenance task procedures. The 
benefits of the evaluation include less time to 
effect repairs, lower maintenance costs, 
improved supportability systems, and improved 
safety. 

Summary 

Implementation of maintainability features in a 
design can bring about operational cost savings 
for both manned and unmanned systems. The 
programmatic benefits of designing system 
hardware and software for ease and reduction 
of maintenance are numerous, and can save a 
program, as seen with NASA's Hubble Space 
Telescope. Maintenance in a hostile, micro- 
gravity environment is a difficult and 
undesirable task for humans. Minimal exposure 
time to this environment can be achieved by 
implementing maintainability features in the 
design. The most successful NASA programs 
have been those which included maintainability 
features in all facets of the life cycle. Remote 
system restoration by redundancy management 
and contingency planning is particularly 
essential to assuring mission success on projects 
where manned intervention is either 
undesirable or impractical.
Technique: Identify program management considerations necessary when
implementing maintainability principles for NASA spaceflight,
atmospheric, or ground support programs.

Benefits: Early and effective planning and implementation of a maintainability
program can significantly lower the risk of reduced system operational
effectiveness resulting from maintainability design shortfalls. This
reduces maintenance time/support, which directly relates to reduced
operating costs and increased system operational time.

Key Words: Maintainability Management, Maintenance Concept, Logistics Support,
Quantitative Requirements, Maintainability Planning

Application Experience: Hubble Space Telescope, SRB's, Shuttle GSE, and Space
Acceleration Measurement System.

Technical Rationale: Decisions by program management to establish
maintainability requirements early in the program will provide design
impetus towards a system with higher operational availability at lower
operational costs. Lower downtime and less complicated maintenance actions
will be needed when maintenance is required.

Contact Center: NASA Headquarters
Maintainability Program Management
Considerations 
Technique PM-2 

This technique outlines management 
considerations to observe when applying the 
principles of maintainability on a program at 
NASA. It also provides information on how 
to realize cost savings and reduced system 
downtime. This information complements 
PM-1, "Benefits of Implementing 
Maintainability on NASA Programs," by 
providing guidelines for establishing a 
maintainability program once the benefits have 
been understood. 

Program management is responsible for 
establishing proper integration of 
maintainability early in program development 
and ensuring adequate control of the 
application of the maintainability discipline 
throughout the development program. Figure
1 provides a flow diagram for an effective
Maintainability program beginning with
development of its goals and objectives,
followed by development of the program/system 
maintenance concept and the Maintainability 
Program Plan, and establishment of program 
control and evaluation during design, production 
(manufacturing) and operations. The order of 
these program development elements is 
important, as each affects the next step in the 
process. 

Figure 1: Maintainability Program Development

(1) ESTABLISH MAINTAINABILITY AS
PART OF THE OVERALL SYSTEMS
ENGINEERING AND OPERATION
PLANNING PROCESS.

Set Goals and Objectives
One of the missions of the maintainability
program is to measure the ability of an item to
be retained or restored to a specified condition
when maintenance is performed. The degree of
maintainability designed into a system should
reflect the function (mission) of the
system/subsystem and the impact on 
operational objectives of the program if the 
system is non-operational for any length of 
time. System availability (the ability of the 
system to operate whenever called upon to do 
so) is very important, and maximum 
availability should be a goal of the program. 
Program maintainability goals and objectives 
must be developed with cost and schedule in 
mind; however, careful consideration must 
also be given to the technical and operational 
goals of the program. These qualitative goals 
and objectives are developed by analyzing the 
system operating cycle, the physical and 
maintenance support environments, and other 
equipment characteristics consistent with 
mission and cost objectives. 

Attention must also be given to existing 
support programs to avoid needless 
duplication during development of new 
support systems. Development of the
maintainability goals and objectives will lead to 
derivation of the maintenance concept, 
maintainability plan, and definition of 
maintainability requirements discussed in the 
following paragraphs. 

Establish Interfaces with Other Engineering 
Disciplines 

Maintainability engineering is a system 
engineering discipline that combines system 
analysis and equipment design with a knowledge 
of safety, reliability, human factors, and life-cycle 
costing to optimize the maintenance 
characteristics of system design and to provide 
an awareness of interface problems. Its goal is
to optimize the combination of design features,
repair policies, and maintenance resources to
the desired level of maintainability at 
acceptable life-cycle costs. The many 
interfaces and feedback paths between 
maintainability engineering and other product 
development and operational disciplines are 
shown in Figure 2. 

While maintainability personnel must be 
intimately involved in the product 
development process and provide inputs to 
design through design techniques and 
analysis, it is program management's 
responsibility to develop and support the 
relationship between maintainability and the 
rest of the system engineering disciplines. 
This support is key to establishment of a
concurrent engineering process. These
relationships must be mirrored in the
Maintainability Program Plan.

Figure 2: System Reliability, Maintainability and Support Relationships (typical)
[Figure panels: Requirements Definition; System Design Activities; Test and Evaluation]

(2) DEVELOP MAINTENANCE AND 
LOGISTICS CONCEPTS EARLY IN THE 
CONCEPTUAL PHASE OF THE 
PROGRAM. 

The program maintenance concept provides the 
basis for establishing overall maintainability 
design requirements on the program, and
contains detailed planning on maintenance 
policy. 

It defines overall repair policy, organizational 
and depot maintenance, system availability, 
repair vs. replacement policy, level of 
replacement, skill level requirements, sparing 
philosophy, diagnostic/testing principles and 
concepts, contractor maintenance 
responsibilities, payload maintenance 
responsibilities, and crew time allocations for 
maintenance (PM-3 provides details on each of 
these elements). Development of the 
maintenance concept is based on initial 
maintainability analysis and program inputs such 
as mission profile, system availability and 
reliability requirements, system mass properties 
constraints, and personnel considerations. The 
maintenance concept may be developed from the 
ground up, or may come from a similar 
successful program, tailored to meet the needs of 
the new program. New technology may also 
dictate the maintenance concept, e.g.,
maintainable items may be scrapped instead of 
repaired because the cost of repair outweighs the 
replacement cost. 

Definition of logistics and support concepts is a 
function of the maintenance concept. The
operational environment of the system, the level 
of support personnel defined by the maintenance 
concept, and cost and schedule are important 
drivers for the logistics/support programs. 


These elements are also important 
contributors to system maintainability in that 
logistics planning can define how much 
system down time is required during 
maintenance operations. 

For example, downtime can be held to a 
minimum if spares are co-located with the 
system during operations. It is important that 
Program management closely monitor all 
logistics development to ensure inclusion of 
maintenance and logistics concepts early in 
the program. Both concepts drive the 
development of lower-level requirements. 

Assess Existing Resources 
Another important aspect of planning for a 
new program is assessment of the existing 
logistic and support infrastructure. As an 
example, the infrastructure of the NSTS 
system at KSC comprises the launch pad, 
numerous assembly and support buildings, 
and support personnel and equipment. These 
are important factors to consider when 
planning for new programs that will use KSC 
as the central operations base. If some of the 
existing structures and equipment can be used 
by the new program, then the developmental 
and operational costs of the program will be 
reduced. During early planning stages, 
management should also look at how the new 
program can adapt to the existing support 
infrastructure, and what equipment and 
personnel may be used to eliminate 
unnecessary costs. 

Establish a Maintainability Program Plan 
The maintainability program plan is the 
master planning and control document for the 
maintainability program. It provides detailed 
activities and resources necessary to attain the 
goals and objectives of the maintainability 
program. It must be developed with the 
program contractor(s) if they exist, or if the 
program is in-house, all developmental and 




operational disciplines must be represented. The 
plan must be consistent with the type and 
complexity of the system or equipment and must 
be integrated with the systems engineering 
process. It identifies how the 
contractor/program office will tailor the 
maintainability program to meet requirements 
throughout the three major program phases:
Development, Production, and Operations/Support.
Typically it contains the elements shown in
Table 1:

Table 1. Elements of the Maintainability 
Program Plan 

• Duties of each organizational element 
involved in the accomplishment of the 
maintainability tasks cited in the product 
specification or statement of work. 

• Interfaces between maintainability and 
other project organizations, such as design 
engineering, software, reliability, safety, 
maintenance, and logistics. 

• Identification of each maintainability task, 
narrative task descriptions, schedules, and 
supporting documentation of plans for 
task execution and management.

• Description of the nature and extent that 
the maintainability function participates in 
formal and informal design reviews, and 
authority of maintainability personnel in 
approval cycle for drawing release. 


(3) PROVIDE UNIFORM QUALITATIVE 
AND QUANTITATIVE MAINTAINABILITY 
REQUIREMENTS. 

Maintainability design requirements are 
established from the Maintainability Program 
Plan and the derived maintenance concept. 


These requirements are intended as rules 
system designers follow to meet overall 
program goals and objectives. They include 
mission, operational environment, and system 
concepts. They must be baselined early and 
not changed unless absolutely necessary. 

The requirements can include both 
quantitative and qualitative values of 
maintainability parameters. Quantitative 
maintainability requirements are usually the 
result of maintainability allocations based on 
system availability and operational timing 
requirements, with allocations made at each 
level down to the replaceable module, 
assembly or component level as needed. 
Examples of quantitative requirements are 
shown in Table 2: 

Table 2. Examples of Quantitative Requirements


• Maintenance manhours per operating 
hour (MMH/OH) 

• Mean-Time-To-Repair (MTTR) 

• Mean-Time-To-Restore-System 
(MTTRS) 

• Fault detection and isolation of subsystems
task times

• End item change out time 

• Unit removal/installation times 

• Availability 


They may be established at any, or all, levels 
of maintenance and can help define 
maintenance criticalities and reduction of 
necessary system components. Qualitative 
requirements are used to accomplish two 
purposes. First, they address maintainability 
design features which are vital in achieving 
the maintainability goals, but cannot be 
measured. For example, elimination of 
safetywire/lockwire, standardization of
fasteners, use of captive fasteners, and
color-coding of electrical wiring are some basic
qualitative maintainability requirements used on 
orbital programs. Second, qualitative 
requirements are used to meet customer/ 
program requirements and enhance the 
maintainability characteristics of the system. 
Examples include specification of common 
handtools only for organizational and 
intermediate levels of maintenance, and 
designing so that only one skill level is required 
for all organizational level maintenance 
personnel. 

(4) EXERCISE PROGRAM CONTROL AND 
EVALUATION 

The maintainability program must be an integral 
part of the systems engineering process and all 
design and development activities. Activities 
include design reviews, development and 
implementation of methods for assessing 
maintainability effectiveness, dissemination of 
maintainability data, and proper implementation 
of program test and evaluation. Subcontractor/supplier
control is also a key area for program
evaluation and monitoring.

Summary 

Program management's participation in the 
development and implementation of sound 
maintainability practices on NASA programs is 
extremely important. Whether the program 
contains ground based systems, or is orbital and 
beyond, maintainability plays a key role in 
system operations, providing for increased 
system effectiveness and availability, and lower 
life cycle costs. The steps outlined above are 
guidelines towards success, and can be tailored 
depending on the type of program. However, 
the importance of a concurrent engineering
approach and the existence of intimate
professional relationships between
maintainability personnel and other systems
engineering disciplines cannot be overstated,
and existence of these examples will enhance
the chance of program success (based on
historical experience).

Technique

Develop a maintenance concept early in the program life cycle to 
provide a basis for full maintainability support. It should be used to 
influence systems design to ensure that attributes for ease of 
maintenance, minimization of repair and down time, and logistics 
support will be present in the final design. 


MAINTENANCE CONCEPT FOR SPACE SYSTEMS

Develop a maintenance concept to specify
system/equipment maintainability requirements.

Benefits 

Effective development of a maintenance concept can enhance the 
effectiveness of maintenance support planning and aid both logistics 
planning and design of a maintainable system. The maintenance concept 
can also provide assessments of cost savings for maintenance activities 
and resources allowable at each maintenance level. 

Key Words 

Maintenance Concept, Spares Requirement, Logistics Support, 
Maintenance Plan, Maintainability Requirements. 

Application Experience

Space Acceleration Measurement System (SAMS), Combustion
Module-1 (CM-1) Shuttle/Station Experiment.

Technical Rationale

The need to identify quantity, cost, types of spares, and related 
servicing techniques required to sustain a space system mission 
capability is a prime driver in developing maintainability requirements 
for a space system at the onset of its design. A system maintenance 
concept should be developed to define the basis for establishing 
maintainability requirements and to support design in the system 
conceptual phase. The maintenance concept provides the practical basis 
for design, layout, and packaging of the system and its equipment. The 
number of problems associated with product support and maintenance 
of space systems can be reduced, if not eliminated, by applying the 
principles prescribed in the system's maintenance concept. 

Contact Center 

Lewis Research Center (LeRC)

Maintenance Concept for Space Systems
Technique PM-3

The maintenance concept provides the basis for
overall maintainability design requirements for
the program, and contains detailed planning of
maintenance policy for the operational system.
It establishes the scope of maintenance
responsibility for each level (echelon) of
maintenance and the personnel resources
(maintenance manning and skill levels) required
to maintain a space system. Early development
and application of the maintenance concept in
structuring the maintainability plan can
eliminate or reduce occurrence of problems that
may interrupt system operation.

The maintenance concept for a new system
must be systematically formulated during the
early conceptual design phase of a program to
minimize maintenance problems during the
operational phase. This proactive approach is
being used on Space Station-based experiment
development programs at LeRC to incorporate
current Space Station Program support
principles, prescribed Space Acceleration
Measurement System (SAMS) and Combustion
Module One (CM-1) operational and repair
policy, and identified sparing requirements.

Elements

This maintenance concept will aid in logistics
planning and will guide design by providing the
basis for establishment of maintenance support
requirements in terms of tasks to be performed,
frequency of maintenance, preventive and
corrective maintenance downtime, personnel
numbers and skill levels, test and support
equipment, tools, repair items, and information.
Inputs to the maintenance concept should
include: a mission profile, system reliability and
availability requirements, overall size and
weight constraints, and crew considerations.

The concept should support the following
design elements as they apply to a manned
orbital space program where on-orbit and
ground maintenance is planned.

Repair Policy 

The repair policy should consider the 
support to be provided at the maintenance 
echelons (levels) summarized in Table 1. 


Table 1. Echelons of Maintenance

                      Organizational Maintenance    Depot Maintenance
Where Performed       On-orbit                      NASA Center or Contractor
System Maintainer     Flight Crew                   Center Engineers and Technicians
Basis                 Repair and retain equipment   Repair and return equipment to
                                                    stock inventory
Type of work          Inspect equipment             Repair at module, ORU, and
accomplished                                        component level
                      Remove and replace modules    Repair and maintain ground
                      and ORUs                      support equipment
                      Adjust equipment              Calibrate equipment

Organizational Maintenance 
Organizational maintenance is maintenance 
performed by the using organization (e.g., 
flight crew) on its own equipment. This 
maintenance consists of functions and repairs 
within the capabilities of authorized 
personnel, skills, tools, and test equipment. 
Organizational level personnel are generally
occupied with the operation and use of the
equipment, and have minimum time available
for detailed maintenance or diagnostic
checkout; consequently, the maintenance at
this level is restricted to periodic checks of
equipment performance, cleaning of
equipment, front panel adjustments, and the
removal and replacement of certain plug-in
modules and Orbital Replaceable Units (ORUs).
ORUs, referred to as black boxes, are removed and
forwarded to the Depot Level.

Depot Maintenance 

Depot maintenance is maintenance performed at 
NASA Centers or contractor facilities for 
completely overhauling and rebuilding the 
equipment as well as to perform highly complex 
maintenance actions. The support includes 
tasks to repair faulty equipment to the part 
level, if deemed necessary. This level of 
maintenance provides the necessary standards 
for equipment calibration purposes, and also 
serves as the major supply for spares. 

System Availability 

Operational Availability (A_o) is defined as the
probability that at an arbitrary point in time, the
system is operable, i.e., is "up." It is a function
of the frequency of maintenance, active
maintenance time, waiting time, logistics time,
administrative time, and the ready time of the
system, and is expressed as:

$$A_o = \frac{\text{UPTIME}}{\text{TOTAL TIME}} \qquad (1)$$

Where: 

UPTIME = the total time a system is in an 
operable state, and 

TOTAL TIME = the combination of uptime
and downtime, in which downtime is the time
a system spends in an inoperable state.

Repair vs. Replacement Policy 
Normally, on-orbit repair should not be 
performed on any plug-in modules or ORUs. If
any on-orbit repair actions are planned, they
should be clearly identified in the concept. 

At the organizational level, failed items 
should be either discarded or sent to the 
NASA Center or contractor for exchange 
and repair in accordance with repair/discard 
policies identified in the system 
requirements. Corrective maintenance, 
limited to replacement of faulty ORUs and 
plug-in modules, should be specified to be 
performed during the mission period. Prime 
equipment should be designed to have ready 
access for maintenance. Quick-opening 
fasteners should also be specified. 

Level of Replacement 
The design for proper level of ORU 
definition should consider compatible failure 
rates for hardware parts within the same 
ORU. Relative ranking of ORUs through 
reliability and maintainability considerations 
and mission criticality analysis can also 
contribute toward the proper level of 
replacement definitions. The required level 
of replacement should be specified at the 
plug-in module and ORU levels. 

Maintenance and support of a system should 
involve two-tier maintenance echelons. The 
first level provides for repair of the end-item 
on-orbit by replacing select faulty or 
defective plug-in modules and ORUs 
identified through use of specified diagnostic 
procedures. Faulty ORUs should then be 
evacuated to the second level of the 
maintenance echelon (depot level), which 
will be at a NASA Center for repair if 
deemed necessary. The particular NASA
center/facility should act as the depot for
repair of faulty items.

Skill Level Requirements 
Hardware should be designed to aid on-orbit 
and ground maintenance, inspection, and 
repair. Special skills should not be required 
to maintain a system. The following design
features should be incorporated:

• Plug-in module and ORU design to minimize 
installation/removal time and requirements for 
hand tools, special tools, and maintenance 
skills. 

• Plug-in modules and ORUs should be 
designed for corrective maintenance by removal 
and replacement. 

• Plug-in module and ORU designs requiring 
preventive maintenance should be optimized 
with respect to the access, maintenance hours, 
and maintenance complexity. 

• Software and its associated hardware should 
be designed so that software revisions/ 
corrections can be easily installed on-orbit with 
minimum skill level requirements. 

• Flight crew training for payload flight 
operation should identify hands-on 
crewmember training, at the NASA center 
where the system is built, to familiarize 
crewmembers with the removal/replacement of 
hardware. 

Spares Philosophy 

Two basic types of spares should be required to 
support a maintainable system: development 
spares and operational spares. Development 
spares are those that must be identified and 
acquired to support planned system test 
activities, integration, assembly, check-out and 
production. Operational spares are those spares 
that must be acquired to support on-going 
operations on-orbit. 

The quantity of development spares required 
for each system, and the total quantities to 
sustain the required availability during the 
planned test activities, integration, assembly, 
and check-out test should be determined 
according to the following: 



• Custom-made components/parts 

• Long-lead time items 

The quantity of spares required for each 
system and the total quantities to sustain the 
required operational availability on-orbit 
should be determined according to the 
following: 

• Items that are critical to system operation 

• Items that have high failure rate 

• Items that have limited life 

In the initial spares provisioning period and 
to the maximum extent practical, spares 
should be purchased directly from the actual 
manufacturer; i.e., lowest-tier subcontractor, 
to eliminate the layers of support costs at 
each tier. The initial provisioning period 
should cover early test and evaluation, plus a 
short period of operation, to gain sufficient 
operational experience with the system. This 
will provide a basis for fully competitive 
acquisition of spares. 

Spares with limited shelf life should be 
identified and should be acquired periodically 
to ensure that adequate quantities of spares 
are available when needed. Spares with 
expired shelf lives should be removed and 
replaced. 

Procurement of spares should be initiated in 
sufficient advance of need to account for 
procurement lead time (administrative and 
production lead time). 

The location of the spares inventory (on- 
orbit and on-ground) should be a function of 
the on-orbit stowage allocation capabilities 
and requirements. A volume/weight analysis 
should be conducted to determine the 
quantity and types of spare items necessary 
to sustain satisfactory operational 
availability. The volume/weight analysis shall
assure available or planned payload volume and
weight limits, and planned or available on-board 
stowage area. 

Breakout should be addressed during initial 
provisioning and throughout the replenishment 
process in accordance with NMI 5900.1,
Reference 1. Breakout is the spares
procurement directly from the original 
equipment manufacturer, prime contractor, or 
other source, whichever proves most cost- 
effective. A spare item requirement list should 
be maintained by procurement and technical 
personnel. 

Diagnostic/Testing Principles and Concepts
The system should meet the following failure 
detection requirements as a minimum: 

• The system should have the capability to 
detect, isolate and support the display of 
failures to the plug-in module level. Crew 
observations may be used as a method of failure 
detection of the following: visual displays, 
keyboards/buttons, general lighting, speakers. 

• System design should provide the capability 
for monitoring, checkout, fault detection, and 
isolation to the on-orbit repairable level without 
requiring removal of items. 

• Manual override and/or inhibit capability for 
all automatic control functions should be 
provided for crew safety and to simplify 
checkout and troubleshooting. 

• All failures of the system should be 
automatically detected and enunciated either to 
the flight crew or the ground crew. 

• Accesses and covers should be devoid of
sharp corners/edges and be equipped with grasp
areas for safe maintenance activities.

• Systems/subsystems/items should be designed
to be functionally, mechanically, electrically,
and electronically as independent as practical
to facilitate maintenance.

The concept should also describe 
operating/testing techniques to identify 
problems and consider the complexity of the 
various types of items in the space system 
and associated maintenance personnel skills 
(for all software, firmware, or hardware). 

The techniques will identify maintenance 
problems. In all cases of fault simulation, the 
safety of personnel and potential damage to 
system/equipment should be evaluated in the 
concept. The concept should request that a 
safety fault tree analysis be the basis for 
determining simulation. Also, a Failure 
Modes, Effects, and Criticality Analysis 
should be used to evaluate and determine 
fault simulation. Some of the fundamental 
maintenance actions to be evaluated, 
monitored, and recorded are as follows: 

• Preparation and visual inspection time 

• Functional check-out time 

• Diagnostic time: fault locate and fault 
isolate 

• Repair time: gain access, remove and 
replace, adjust, align, calibrate, and close 
access 

• Clean, lubricate, service time 

• Functional check-out of the repair action 

Responsibilities for Contractor 
Maintenance 

The prime contractor's maintainability 
program should provide controls for assuring 
adequate maintenance of purchased 
hardware. Such assurance is achieved 
through the following: 

• Selection of subcontractors from the 
standpoint of demonstrated capability to 
produce a maintainable product.

• Development of adequate design
specifications and test requirements for the 
subcontractor-produced product. 

• Development of proper maintainability 
requirements to impose on each subcontractor. 

• Close technical liaison with the subcontractor 
(both in design and maintainability areas) to 
minimize communication problems and to 
facilitate early identification and correction of 
interface or interrelation design problems. 

• Continuous review and assessment to assure 
that each subcontractor is implementing his 
maintainability program effectively. 

Responsibilities for Payload Maintenance 
Director of field installations responsible for 
launch preparation, maintenance, or repair 
activities should be responsible for maintenance 
planning and for providing the resources 
necessary to support the efficient identification 
of maintenance related problems in accordance 
with system requirements. These 
responsibilities include: 

• Implementing a system that will identify, 
track, and status problems related to routine 
maintenance activities attributable to the design 
characteristics of flight hardware and software. 

• Providing information for use in a data 
collection system to improve the accuracy of 
quantitative maintainability and availability 
estimates. This information can be used to 
identify failure trends influencing reliability 
growth characteristics during design and to 
communicate "lessons learned" from ground 
maintenance experience. 

• Recommending to the Program Manager,
responsible for design and development of flight
hardware/software, areas for design
improvement to increase the efficiency in
ground processing or maintenance
operations. The rationale for supporting
these recommendations should include
factors such as reduction in ground
turnaround time and operational support
costs.

Allocation of Crew Time for Maintenance 
Actions 

Crew time for maintenance should be 
identified in accordance with system 
complexity, reliability, and criticality of the 
items to the system and mission 
requirements. Analytical methods exist 
which can be used to prioritize and allocate 
crew time for maintenance actions.

Design Factors and
Engineering 


The objective of the Maintainability function is to influence system design such that the end product 
can be maintained in a cost effective operational condition with minimum downtime. In order for 
the Maintainability discipline to provide maximum influence to a program, design principles to 
obtain these objectives must be implemented early in the design phase. Techniques that have proven 
to be beneficial on previous programs are presented in this section as design recommendations for 
future programs.

Technique


Provide guidelines for the design of maintainable equipment for 
compatibility with dexterous robots by outlining selection criteria for 
associated fasteners and handling fixtures. 


SELECTION OF ROBOTICALLY 
COMPATIBLE FASTENERS AND 
HANDLING MECHANISMS 


Optimization of robotics design via selection add life of compatible
resources will reduce system downtime and increase availability.


Benefits 

The application of these guidelines to the design process will increase 
the effectiveness of dexterous robots by allowing for optimized design 
of robotics components used during maintenance tasks. In addition, 
because Extra Vehicular Activity (EVA) tasks performed with robots 
must be simplified to accommodate robotics dexterity (which is 
intrinsically inferior to that of a human crew member), robotically 
compatible designs will facilitate the simplified (less time consuming) 
EVA tasks. This equates to less system downtime and higher 
availability for both ground and on-orbit systems. 

Key Words 

Robotically compatible; maintenance; fasteners; handling fixtures 

Application Experience

International Space Station Program

Technical Rationale

The following selection guidelines enable design engineers to identify 
the criteria required for robotics compatibility and to tailor their 
specifications to different robotics systems and environments. They 
provide general concepts for using robotically compatible fasteners and
handling fixtures that have been applied on the Space Station program
and state the advantages of these concepts.

Contact Center 

Johnson Space Center (JSC)

Selection of Robotically Compatible Fasteners
and Handling Mechanisms 
Technique DFE-1 

Before designing an ORU or other component 
for robotics compatibility, the feasibility of such 
an effort must first be assessed. Some items 
(e.g., thermal blankets), because of their 
flexibility, cannot be manipulated by robotics 
systems. The assessment should show (1) if the 
ORU or component can be manipulated by a 
robot, (2) if not, whether a major redesign of 
the item will be required to make it robot 
compatible, and (3) what effect the redesign 
will have on weight and cost (a factor that can 
be determined by simple analyses). 

Reference 1 describes a preliminary analysis 
that might be used to determine the feasibility 
of designing for robotics compatibility. Once it 
is determined that the item can be designed to 
be manipulated by a robot, it must then be 
determined how the design relates to and 
affects the design of (1) other components in 
the system, (2) the system's layout, and (3) the 
robotics system with which it will interface.

Figure 1, which illustrates the process for
redesigning for robotics compatibility as
detailed in Reference 1, shows the sequence by
which the design of items higher in a process
flow impacts the design of the lower items.
Although the sequence may be altered, the 
alteration may result in increased costs, in 
schedule delays, and in less flexibility in 
applying robotics compatibility. The 
bidirectional arrows indicate processes that 
should be performed using an integrated 
approach that considers the impacts the ORU, 
system, and robot design have on each other. 
Once the above mentioned analysis is 
performed and design of the robotically 
compatible fasteners or handling fixtures is 
begun, the objectives then must be to: 


• Provide for alignment. 

• Avoid jamming and binding. 

• Withstand the loads that may be imparted by 
the robotics systems. 

• Provide adequate access. 

• Simplify the operation.

• Assist ORU alignment and softdock and 
harddock functions. "Softdock" is defined as 
the initial temporary attachment between two 
or more pieces of equipment to prevent 
inadvertent release prior to permanent 
attachment. 

Reference 2 lists a number of guidelines and 
requirements that may be applicable to 
designing for robotics compatibility of Space 
Station hardware. Reference 3 lists a number 
of different robotically compatible fasteners 
and handling fixtures for Space Station use. 

The purpose of this technique, however, is to 
assist designers in applying the stated concepts 
to their system ORUs and not to list
contractual requirements. The six design 
objectives for fastener and handling fixture 
design requirements are addressed in the 
following section. 

FASTENER AND HANDLING FIXTURE 
DESIGN REQUIREMENTS 

Provide for alignment 

Alignment provisions may be implemented as
(1) markings, (2) alignment guides, and (3)
design of the robotics system and its control
system. Only the second of these options,
alignment guides, is addressed in this section.
Markings and robotics system designs are 
described in References 1, 2, and 3. 

Fasteners 

There are more options available for aligning 
fasteners than there are for handling fixtures. 
For example, fasteners are captive and are an 
integral part of an ORU. Therefore, if the
ORU contains proper alignment features and is
properly aligned and inserted, the fasteners will
be properly aligned as well. However, since
handling fixtures are grappled independent of
the insertion and alignment of the ORU, the
incorporation of alignment features is confined
to the fixture and end effector. The ORU
alignment feature design, which is discussed in
References 2 and 3, is an important
consideration, since it can lessen fastener
complexity. The alignment techniques being
used for Space Station fasteners are described
below.

Figure 1. Process for Robotics Compatibility Design

Alignment of Tool to Fastener Head 
Robotic testing has shown that, provided there 
is proper visual contrast between the fastener 
head and the surrounding structure, a 7/16-inch
fastener with a flat head can be easily captured 
by the robotics end effector (nut driver). 

Earlier concepts specified or recommended 
rounded heads because it was believed the 
rounded head would accommodate greater 
misalignment tolerances. It was found, 
however, that a flat-headed fastener provided 
the robot with the same misalignment 
tolerances as the same fastener with a rounded 
top. 

Alignment of Fastener to Nut 
The bolt is aligned to a nut by tapering the end 
(pilot) of the bolt and by having a cone or 
countersink around the nut. For fasteners that 
form an assembly or that are, in Space Station 
terminology, "attachment mechanisms," there 
are housings which contain tapered "fingers." 

Handling Fixtures 

The two alignment techniques for Space Station 
handling fixtures are described below.

V-slot Insertion 

The V-slot insertion technique is used with the 
microfixture and H handle, which interface with 
the Special Purpose Dextrous Manipulator 
(SPDM) end effector or the ORU tool 
changeout mechanism (OTCM). The OTCM 
fits as a V into the grooves of the H handle 
closes its V-shaped grooves around the corners 
of the microinterface (see reference 2 for a 
detailed description). The positional 
misalignment tolerance allowed for the H 
fixture is approximately 0.5 inch with angular 
misalignment tolerance of about ±2°. The 


microfixture allows positional misalignments of 
about 0.3 inch and angular misalignments of 
about ±3°. 

Cylinder-over-cone 

The microconical tool slips over and attaches 
collets to the microconical interface, which is 
shaped like a cone. The allowable translational 
and angular misalignment tolerances for the 
microconical tool are 0.25 inch and ±1°,
respectively.

AVOID JAMMING AND BINDING
Fasteners

Once alignment is accomplished and the
fastener begins to enter the nut, there is still
the possibility of cross-threading. Cross-threading
can be avoided by aligning the nut
using the unthreaded portion on the bolt, and it 
can also be avoided by using an expandable 
thread diameter nut; i.e., a Zipnut. A Zipnut 
consists of three separate segments within a 
housing that, when assembled, form the 
internal threads of a nut. The segments are 
held against the threads of a bolt or screw by 
springs that force them to a minimal diameter, 
and a ramp that allows them to separate or 
come together, depending on the direction in 
which the bolt is inserted. When a bolt is 
inserted, the segments are allowed to slide 
back and away, allowing the bolt to slide 
through without obstruction. This type of nut 
is described in detail in Reference 2. 

Handling Fixtures 

When using robotically compatible handling 
fixtures which apply the slot in the V-groove 
concept as described above (i.e., the 
microinterface or X handle), care must be 
taken that the corners are rounded. This 
precaution must be taken to keep the handle 
from binding to the end effector, as happened 
in the JSC robotics laboratories with the first 
H handle concept which had sharp corners.
The corners of the H handle (renamed the X
handle) were rounded, and the binding effect 
was thus eliminated. 

WITHSTAND LOADS THAT MAY BE
IMPARTED BY ROBOTICS SYSTEMS FOR
FASTENERS AND HANDLING FIXTURES

SSP 30000, table 3-3, "Factors of Safety,"
specifies that for metallic flight structures, the
general factor of safety is a yield of 1.25 and an
ultimate of 2.00.

PROVIDE ADEQUATE ACCESS
Fasteners 

Adequate access for fasteners is provided by 
designing a proper layout of the system as 
described in reference 3. The fastener selection 
(or fastening scheme) can be influenced by the 
robotics access if more than 1 degree of 
freedom is required by the robot to engage and 
disengage the fastener. A lever, for example, 
requires more than 1 degree of freedom and 
therefore requires significantly more access 
space to operate than that required to engage a 
bolt. In addition, the higher the torque value, 
the larger the end effector (motor), lessening 
the allowable robotics access space. For Space 
Station, no levers will be used by robots. 

Handling Fixtures 

Certain small Space Station ORU's are being 
placed so close to each other that inadequate 
access space is provided for the robot to open 
its jaws around the interface. The problem was 
resolved by using the microconical interface 
that snaps around the interface in a "stabbing" 
motion. By using a tool that does not require 
jaws to open around an interface; i.e., the 
microconical tool, the required access space is 
significantly reduced. 

SIMPLIFY THE OPERATION 
Fasteners 

The robotics operation can be simplified by the 
following methods: 

Use Captive Fasteners 

Use of captive fasteners is the best method for 
simplifying robotics operation. This eliminates 
the need for the robot to carry and insert the 
fasteners and thus increases the probability of 
mission success. 

Reduce Number of Operations 
The type of fastener selected can reduce the 
number of operations required. For example, 
using the Zipnut eliminates the need for 
rotation, since the bolt can be slid through the 
nut and then tightened with a single rotation. 

Choose Proper Forms of Fastening 
Forms of fastening that require the robot to 
use more than 1 degree of freedom should be 
eliminated. Levers, for example, not only will 
increase the access space requirements (as 
described previously), but may also 
necessitate force moment accommodation and 
more complex control software. 

Avoid Fasteners Requiring Excessive Torque 
To engage fasteners that require excessive 
torque (i.e., 50 foot-pounds or over), the robot 
must stabilize itself with one arm, constricting 
the allowable configurations for removing and 
replacing the ORU. This necessitates 
additional hardware for robot stabilization. In 
general, care must be taken when using robotic 
systems for fastening due to the reaction 
forces that will be present. 

Reduce Sizes and Types of Fastener Heads 
Using different sizes and types of fastener 
heads will reduce the number of tools required 
by the robot. 

Handling Fixtures 

The grasping of the interface can be simplified 
by allowing the robot to grasp the interface 
from a number of different orientations. For 
example, the microinterface and the 
microconical interface can be grasped from two 
different orientations of the OTCM relative to 
the handling fixture, while the X handle can 
only be grasped from one orientation. There 
may be some instances, however, in which it 
would be advisable to limit the allowable 
orientations. For example, if the robot can 
grasp an ORU from only one orientation, there 
is less chance that the ORU will be improperly 
inserted in its base plate. 

ASSIST ORU ALIGNMENT AND 
SOFTDOCK AND HARDDOCK 
FUNCTIONS 

Fasteners 

When designing robotically compatible ORU's, 
the alignment guides and softdock features may 
be incorporated as part of the ORU, or 
fasteners with these features may be designed 
or selected. Softdock fasteners are thus more 
complex and are called "attachment 
mechanisms" in the Space Station Program. 
Alignment and softdock functions are described 
below. 

Alignment Functions 

If alignment features are lacking for the ORU, 
they can be incorporated via the tapering of 
pins, or fingers, located on the housings of the 
attachment mechanisms. 

Softdock Functions 

For the Space Station Freedom Program, 
attachment mechanisms achieve softdock either 
through the use of detents that are housed on 
an outer casing of the attachment mechanisms 
or via the Zipnut method. The Zipnut is 
ramped such that if an attempt is made to 
separate the bolt from the nut, the segments are 
pulled together allowing the bolt to be removed 
via rotation only. The Zipnut thereby functions 
as an excellent softdock attachment. 


Handling Fixtures 

Alignment and softdock functions are 
described below. 

Alignment Functions 
The location of the handling fixture can 
significantly impact ORU alignment. The 
further the handling fixture is from the ORU's 
center of gravity, for example, the more 
difficult it is for the robot to maintain a line of 
insertion that will be perpendicular to its 
attachment plate. 

Other factors to be considered when placing 
handling fixtures are the size of the ORU, the 
location and type of alignment guides, and the 
placement of fasteners. These items are 
discussed in Reference 3 because of their 
dependence on ORU features. 

Softdock Function 

Softdock features may be used to prevent an 
ORU from "floating away" prior to its being 
fastened. This may also be achieved by 
fastening the ORU without releasing the 
handling fixture. The three above mentioned 
handling fixtures for Space Station have holes 
in their centers for fasteners, which allows the 
OTCM to grasp the ORU, insert it, and then 
drive the bolt with its nut driver without ever 
releasing the ORU handle. 

Technique 


Minimize the occurrence and effect of Built In Test (BIT) false alarms 
by applying principles and techniques that are intended to reduce the 
probability of false alarms and increase the reliability of BIT in avionics 
and other electronic equipment. 

Benefits 

Effectively implementing BIT techniques automatically reduces the 
number of BIT false alarms. Decreasing the number of BIT false alarms 
increases a system's availability and decreases the maintenance man- 
hours required. The overall result is a reduction of the system's life 
cycle cost. 

Key Words 

Anomalies, Built-In-Test, False Alarms, Circuit Monitoring 

Application 

Experience 

International Space Station Program, National Space Transportation 
System 

Technical 

Rationale 

The reliability of a system's BIT can be determined in part by the 
number of false alarms it experiences. If the BIT can not accurately 
identify and report the occurrence of failures then the test has failed its 
mission. Testability must be treated with the same level of importance 
as other design disciplines. BIT reliability must be considered just as 
critical as any other performance requirement. A system can not 
perform its mission if its components are constantly being removed for 
false maintenance. 




Contact Center 


Johnson Space Center 

In order to mitigate false alarms, a system's 
Built In Test (BIT) circuitry must be able to 
cope with a limited amount of anomalous 
performance. NASA Handbook 5300.4 (IE) 
defines a false alarm as "an indicated fault 
where no fault exists." Based on this definition, 
this technique is concerned only with BIT 
indications of system malfunction which cause 
unnecessary maintenance actions. The inability 
of a system to detect or report the occurrence 
of a failure, a "fails to alarm condition", is not a 
false alarm and is not addressed. 

BIT should be designed to distinguish between 
actual failures and anomalies which must be 
tolerated due to adverse operating conditions or 
that are normal anomalies within acceptable 
limits. To accomplish this, the following 
principles and techniques must be mandated in 
the system specifications, requirement 
documents, and design policies and 
implemented in the system design. 

Voting Scheme 

One technique is called the "Voting Scheme." 
With the voting scheme, all test data are 
analyzed by three or more different computers. 
A failure is declared only when a majority of the 
computers detect the same failure. An example 
of this type of architecture is the Space Shuttle 
Orbiter Avionics System. The five General 
Purpose Computers (GPCs) are all 
interconnected to the same 28 serial data 
channels. The GPCs perform all system-level 
processing and require a majority agreement on 
all test signals. This technique requires an 
extensive use of resources but is extremely 
effective at mitigating false alarms. A less 
complicated version of this is the use of double 
or triple redundant monitors. Having two or 
more sensors in series increases the reliability of 


the test data reported while only requiring a 
single computer or processor. 

Continuous Monitoring 
Continuous monitoring with BIT filtering can 
be used in place of the voting scheme. With 
this technique, BIT results are based on 
integration of successive measurements of a 
signal over a period of time instead of a single 
check of the signal. The monitoring of the 
signal does not have to be continuous but only 
sampled over the time period. The filtering 
involves comparing the current reading of a 
signal with past and future readings of the 
same signal. This filtering allows for the 
disregarding of sporadic out-of-limit 
measurements. Only when a signal is out-of- 
limits for a predefined time limit or a sequence 
of tests identify the same failure, should the 
BIT flag be set. 
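The two decision rules described above, majority voting across monitors and persistence filtering of successive samples, are combined here in an added Python example that is not part of the memorandum. The 24 to 32 V limits, the three-sample persistence threshold, the three monitors and all readings are constructed assumptions, and the function and class names are hypothetical.

```python
from dataclasses import dataclass, field


def majority_vote(verdicts):
    """Declare a failure only when a strict majority of monitors report one.

    verdicts: one boolean per independent computer or monitor
    (True means that monitor has detected the failure).
    """
    if len(verdicts) < 3:
        raise ValueError("voting needs three or more monitors")
    return sum(verdicts) > len(verdicts) // 2


@dataclass
class PersistenceFilter:
    """Set the BIT flag only after `required` consecutive out-of-limit samples."""
    low: float
    high: float
    required: int = 3      # assumed persistence threshold, in samples
    run: int = 0           # current count of consecutive out-of-limit samples
    flag: bool = False     # latched BIT flag
    tolerated: int = 0     # sporadic excursions that ended before persisting
    log: list = field(default_factory=list)  # (index, value) of every anomaly

    def sample(self, index, value):
        """Feed one reading and return the current state of the BIT flag."""
        if self.low <= value <= self.high:
            if 0 < self.run < self.required:
                self.tolerated += 1          # excursion was filtered out
            self.run = 0
        else:
            self.run += 1
            self.log.append((index, value))  # recorded for later trend review
            if self.run >= self.required:
                self.flag = True
        return self.flag


def first_declared_failure(streams, low, high, required=3):
    """Filter each monitor's stream, then vote across the monitors.

    streams: equal-length lists of readings, one list per monitor.
    Returns the sample index at which a majority first agrees, or None.
    """
    filters = [PersistenceFilter(low, high, required) for _ in streams]
    for i, readings in enumerate(zip(*streams)):
        verdicts = [f.sample(i, v) for f, v in zip(filters, readings)]
        if majority_vote(verdicts):
            return i
    return None


def first_single_sample_alarm(streams, low, high):
    """Baseline for comparison: alarm on any single out-of-limit reading."""
    for i, readings in enumerate(zip(*streams)):
        if any(not (low <= v <= high) for v in readings):
            return i
    return None


# Constructed readings from three monitors watching one nominal 28 V bus.
LOW, HIGH = 24.0, 32.0
FAILING_BUS = [
    [28.1, 35.0, 28.0, 27.9, 28.2, 28.0, 23.1, 22.8, 22.5, 22.4],  # one spike
    [28.0, 28.1, 28.0, 28.0, 28.1, 28.0, 23.0, 22.9, 22.6, 22.3],
    [27.9, 28.0, 28.1, 19.0, 18.5, 28.0, 28.0, 22.7, 22.4, 22.2],  # short dropout
]
GLITCHES_ONLY = [
    [28.0, 35.0, 28.0, 28.1],
    [28.0, 28.0, 28.0, 28.0],
    [28.0, 28.0, 19.0, 28.0],
]

if __name__ == "__main__":
    print("unfiltered alarm at sample",
          first_single_sample_alarm(FAILING_BUS, LOW, HIGH))
    print("filtered and voted failure at sample",
          first_declared_failure(FAILING_BUS, LOW, HIGH))
    print("glitches only:", first_declared_failure(GLITCHES_ONLY, LOW, HIGH))
```

On the constructed data an unfiltered check alarms on the first isolated spike, while the filtered and voted result is declared only once two of the three monitors have seen the sag persist.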

To maximize the effectiveness of continuous 
monitoring, the BIT data must be recorded. 
Once recorded, the data need to be 
summarized and evaluated so that trends can 
be tracked and weaknesses identified. To help 
manage all this data, controls should be 
implemented. The number of signals 
monitored and the maximum sample rate can 
be limited. The time span over which data are 
collected should be set at a reasonable period, 
and the type of data accumulated should be 
restricted. Finally, computing techniques can 
be used that do not require the storage of old 
data. Once the information is gathered, a 
failure log should be created. 

This failure log is the basis for future 
modifications to the system's BIT. To improve 
the BIT, every instant of anomalous 
performance not related to an identified failure 
mode should be analyzed and the root causes 
identified. Some form of corrective action 
must be taken to avoid recurrence. If a design 
change cannot be made, then the BIT must be 
modified to accommodate the non-failure 
causing anomaly. 

The need for modification requires BIT to be 
flexible. Test parameters and limits must be 
easily changed. The operator should be able to 
control or even change the test sequence. This 
flexibility allows the necessary changes in the 
BIT to be made if false alarms start occurring. 
For example, the Space Station's Command and 
Data Handling System uses programmable 
Deadman Timers in the multiplexer/ 
demultiplexer (MDMs) and standard data 
processor (SDP's). The response intervals of 
the timers can be adjusted by the system 
controller to accommodate changes in system 
configuration or mode of operation. However, 
the BIT software must be changed without 
disturbing the system operation. For this to be 
possible, the BIT software must be independent 
of the operating software. 

Decentralized Architecture 
Another technique for mitigating false alarms is 
the use of a distributed or decentralized BIT 
architecture. With this approach the BIT is 
implemented so that a "NO GO" on a given test 
directly isolates the implied failure to a 
replaceable unit. Locating most of the BIT 
internal to a unit greatly reduces the possibility 
of incorrect isolation of a failure. Although the 
decentralized BIT concept consists primarily of 
unit level tests, some system level testing is still 
required. 


An excellent technology for combining unit 
level testing with system level testing is 
boundary scan. Boundary scan is the 
application of a partitioning scan ring at the 
boundary of integrated circuit (IC) designs to 
provide controllability and observability access 
via scan operations. In Figure 1, an IC is 
shown with an application logic section, 
related input and output, and a boundary scan 
path consisting of a series of boundary scan 
cells (BSC), one BSC per IC function pin. 

The BSCs are interconnected to form a scan 
path between the host IC's Test Data Input 
(TDI) pin and Test Data Output (TDO) pin, 
for serial access. 

During normal IC operation, input and output 
signals pass freely through each BSC, from the 
Normal Data Input (NDI) to the Normal Data 
Output (NDO). However, when the boundary 
test mode is entered, the IC's boundary is 
partitioned in such a way that test stimulus can 
be shifted in and applied from each BSC 
output (NDO). The test response can then be 
captured at each BSC input (NDI) and shifted 
out for inspection. Internal testing of the 
application logic is accomplished by applying 
test stimulus from the input BSCs and 
capturing test response at the output BSCs. 
External testing of wiring interconnects and 
neighboring ICs on a board assembly is 
accomplished by applying test stimulus from 
the output BSCs and capturing test response at 
the input BSCs. This application of a scan 
path at the boundary of IC designs provides an 
embedded testing capability that can overcome 
test access problems. The unit level tests can 
also be combined for a subsystem or system 
level verification (Figure 2). More details on 
applying these techniques are in IEEE 
Standards 1149.1 "Boundary Scan" and 1149.5 
"System and Maintenance Bus." 

Finally, high-reliability components should be 
used in the design. The reliability of the BIT 
hardware should at least equal or exceed that of 
the hardware it is testing. The BIT software 
also needs to be thoroughly tested and verified 
to ensure that it will not be a source of false 
alarms. Accordingly, adequate amounts of 
effort and resources must be allocated during 
the design phase. The designer should not be 
unduly limited by memory size, component 
count, or any other allocated resource. 
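The external interconnect test described in the boundary scan paragraphs above, modelled in an added Python example that is not code from the memorandum or from IEEE 1149.1: stimulus is shifted into the output BSCs of one IC, captured at the input BSCs of its neighbour, and shifted out at TDO for comparison. The four-net board, the fault behaviour (an open net reads as 1, shorted nets read as the AND of their drivers), the walking-zero patterns and all names are assumptions chosen for illustration.

```python
class ScanPath:
    """Boundary scan cells chained serially from TDI (cell 0) to TDO (last cell)."""

    def __init__(self, length):
        self.cells = [0] * length

    def shift(self, bits_in):
        """Clock bits in at TDI; return the bits that leave at TDO, in order."""
        bits_out = []
        for bit in bits_in:
            bits_out.append(self.cells[-1])
            self.cells = [bit] + self.cells[:-1]
        return bits_out

    def load(self, pattern):
        """Shift a full pattern in so that cells[i] == pattern[i]."""
        self.shift(list(reversed(pattern)))

    def unload(self):
        """Shift the captured contents out at TDO, returned as cells[0..n-1]."""
        return list(reversed(self.shift([0] * len(self.cells))))


def board_wiring(driven, opens=(), shorts=()):
    """Constructed board model: values seen at the receiving pins.

    opens:  net indices with a broken trace (assumed to float high, read as 1)
    shorts: pairs of net indices bridged together (assumed wired-AND)
    """
    seen = list(driven)
    for a, b in shorts:
        seen[a] = seen[b] = driven[a] & driven[b]
    for net in opens:
        seen[net] = 1
    return seen


def interconnect_test(n_nets, opens=(), shorts=()):
    """Drive walking-zero patterns across the nets; return the failing net indices."""
    driver = ScanPath(n_nets)      # output BSCs of the driving IC
    receiver = ScanPath(n_nets)    # input BSCs of the neighbouring IC
    patterns = [[0 if j == i else 1 for j in range(n_nets)]
                for i in range(n_nets)]
    failing = set()
    for pattern in patterns:
        driver.load(pattern)                        # shift stimulus in via TDI
        receiver.cells = board_wiring(driver.cells, opens, shorts)  # capture
        response = receiver.unload()                # shift response out via TDO
        failing.update(i for i, (want, got) in enumerate(zip(pattern, response))
                       if want != got)
    return sorted(failing)


if __name__ == "__main__":
    print("good board:      ", interconnect_test(4))
    print("open on net 2:   ", interconnect_test(4, opens=[2]))
    print("short nets 0 & 3:", interconnect_test(4, shorts=[(0, 3)]))
```

Because every mismatch is tied to a specific cell position in the shifted-out response, the test result points at individual nets rather than at the board as a whole.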

These guidelines are not all inclusive. The 
false alarm problem is very complex. Each 
system is unique and must be approached 
differently. The best approach is simply to 
eliminate each factor as it is identified. 


Figure 2: Typical Test Regimen for Space Systems 


Analysis and Test 

Maintainability analysis is a very important part of the design process in which aspects of the 
maintenance concept are quantified and design decisions are made based on results. Hardware and 
Software testing not only verifies that the item(s) in question will perform within the specific 
environment, but also allows for maintenance items to be identified and verifies maintainability 
design features. The techniques contained within this section describe a wide range of analysis and 
test processes used within the NASA community and should provide a vehicle for education, 
communication, and continuous improvement. 

Technique 

Simulate on-orbit space maintenance activities by using a neutral 
buoyancy facility to assist in making design decisions that will ensure 
optimum on-orbit maintainability of space hardware. 

Neutral buoyancy simulation provides an effective means for 
making maintainability design decisions and verifying 
maintenance actions. 

Benefit 

Neutral buoyancy simulation can provide valuable information for 
designing-in accessibility, modularity, simplicity, and standardization. It 
can also provide cost-effective, specific design information on the 
effectiveness of crew stability aids, crew maneuvering aids, specialized 
tools, and operational timeliness. Maintainability criteria that can be 
established by utilizing this process include: component accessibility; 
fasteners accessibility; systems installation; and the configuration and 
operation of crew stability aids and tools. 

Key Words 

Neutral Buoyancy Simulation, Maintainability Design Criteria, Space 
Maintenance Activities, On-Orbit Maintainability, Simulated Weightless 
Environment, Orbital Maintenance Special Tools, ORU 

Application 

Experience 

Skylab, Hubble Space Telescope, Space Shuttle Orbiter, International 
Space Station, Apollo 

Technical 

Rationale 

Equipment and crew interface testing in a simulated weightless 
environment at an early development stage in NASA programs is an 
accurate means of assessing hardware and tool design features and 
determining crew capabilities and requirements. While other forms of 
weightlessness simulations (e.g., parabolic flight, motion base, and 
computer models) have proven effective in specific applications, 
underwater simulations have proven particularly beneficial in hardware 
development, crew/hardware interface design, and operations planning, 
since they can accommodate a large worksite volume and extended test 
times. 

Contact Center 

Marshall Space Flight Center (MSFC) 

Neutral Buoyancy Simulation of On-Orbit 
Maintenance 
Technique AT-1 

The neutral buoyancy Facility at MSFC has 
been used since 1968 to effectively simulate 
the weightlessness of space, and has assisted 
in the establishment of maintainability design 
criteria, particularly in extravehicular activity 
(EVA). Use of full-scale neutral buoyancy 
simulations has also allowed for direct 
human participation in test operations, as 
well as for access to the large body mock-up 
hardware developed for EVA simulations. 
These methods are a very effective way of 
simulating on-orbit environments for the 
purpose of verifying and solidifying 
operations and maintenance procedures. 

Other neutral buoyancy facilities used for 
NASA hardware development and test and 
crew training are the Weightless 
Environment Test Facility (WETF) at 
Johnson Space Center, the Neutral 
Buoyancy Research Facility at the University 
of Maryland, College Park, Maryland and the 
neutral buoyancy facility at McDonnell 
Douglas, Huntington Beach, California. 

Neutral Buoyancy Characteristics 

The MSFC neutral buoyancy facility has the 
following overall characteristics: 

• Six-console control room. 

• Three-person, double-lock hyperbaric 
chamber. 

• Floating crane for underwater movement 
of hardware (one 2000-pound hoist, one 
500-pound hoist). 

• Removable roof section to accommodate 
large hardware. 


• T.V. monitors, communications with test 
subjects, audio/video taping capability, 
pressure and depth displays of test 
subjects, and lightning warning systems. 

• Support of up to four Shuttle space suited 
crew members. 

• Umbilical-supplied underwater primary 
life support systems. 

• Operational Remote Manipulator Systems 
(RMS). 

• Air-lock for emergency test subject 
evacuation. 

The neutral buoyancy tank within the facility 
is a 1.3 million-gallon water tank that 
measures 40 ft. deep and 75 ft. in 
diameter. The water temperature is 
maintained at a range of 88 to 92 degrees 
Fahrenheit and a pH of 7.50. Cathodic 
protection systems are used to inhibit 
corrosion. The tank accommodates up to 
four pressure-suited test subjects 
simultaneously. Extravehicular Mobility 
Units are available for four test subjects. 

The tank can accommodate test durations of 
up to 6 hours. 

HST Simulations 

Underwater simulations in the neutral 
buoyancy facility strongly influenced the 
maintainability design criteria for the Hubble 
Space Telescope (HST) and its components; 
particularly with regard to visibility, 
accessibility, and simplicity. One of the 
primary considerations in maintainability of 
space hardware is the accessibility of 
components and systems by crew members 
during EVA. To be maintained in space, the 
components of a hardware item must be seen 
and reached by a pressure-suited astronaut 
or be within range of the appropriate tools. 




Altogether, some 70 Orbital Replacement 
Units (ORUs) on the HST can be replaced 
on-orbit. Some of the largest ORUs are 
batteries, computers, reaction wheel 
assemblies, science instruments, fine 
guidance sensors, and wide field planetary 
cameras. One of the telephone-booth-sized 
science experiments weighs over 700 
pounds. These items are mounted in 
equipment bays around the perimeter of the 
spacecraft. The bays open with large doors 
so components can be readily inspected and 
handled. Using neutral buoyancy 
simulations, design features of these 
components were validated, verified, and 
refined to ensure that the ORU features of 
modularity, accessibility, and simplicity were 
inherent in the design. Other features 
included a series of crew stability aids; 
including handrails, portable handles, tether 
attachments, and foot restraints. Neutral 
buoyancy simulation studies also determined 
the placement of foot restraints on both the 
HST and the RMS arm for maximum 
accessibility. These design features give the 
crew mobility and stability during unstowing, 
transporting, and stowing ORUs. 

Door latch design criteria were also 
addressed in neutral buoyancy simulations 
involving the HST. All internally stowed 
ORUs except the Radial Science Instrument 
are concealed by doors that must be opened 
and closed by a crew member before ORUs 
are installed or removed. 

Simulations and Design Influence 
A design criterion that has become 
increasingly important in on-orbit 
maintenance and which has been studied 
using neutral buoyancy simulation is 
standardization of the EVA interface to 
ORUs. The practice of standardization 
became a key issue in HST development 
with the decision to mount ORUs with 7/16-inch 
double height hex head bolts in three 
types of fittings: J-hooks, captive fasteners, 
and keyhole fasteners. Neutral buoyancy 
simulations have proven that the use of 
standardized bolt heads, clearances, and 
torque limits reduces the complexity of ORU 
maintenance in space. To achieve electrical 
connector standardization, neutral buoyancy 
simulation studies have evaluated such 
criteria as connector geometry (wing-tab 
presence, length, and diameter) and surface 
texture (knurls, ridges, and irregular shapes). 
Response variables studied included ease of 
alignment, firmness of grip, and level of 
torque required to lock the connectors. 
Studies of this type led to the development 
of a standard for blind-mate, scoop-proof, 
low-force, and subminiature connectors. If 
accepted as a standard, these connectors 
would be used in the Upper Atmosphere 
Research Satellite, Explorer Platform, 
International Space Station, and in robotic 
manipulators. 

Human factors studies have been a 
significant part of neutral buoyancy 
simulation tests with large space structures. 
For example, experiments have been 
conducted to determine the effect of fatigue 
on productivity during lengthy EVA 
structural assembly operations. An 
experienced test subject assembled a 36 
element tetrahedral truss structure repeatedly 
for 4 hours, while the subject's heart rate and 
general conditions were monitored. These 
neutral buoyancy simulations demonstrated 
EVA productivity to be significantly higher 
in space than in comparable conditions 
simulated in ground tests. Assembly time for 
structural assembly tasks was approximately 
20 percent less in actual flight. The 
Experimental Assembly of Structures in 
EVA (EASE) project, an experiment flown 
on Space Shuttle mission STS 61-B, 
revealed that a flexible structure can be 
assembled in underwater conditions with a 
learning curve of 78 percent. It was 
determined that learning rate is independent 
of the strength, coordination, or size of the 
test subject; or the fit of the pressure suit. 

Structural configurations have been used at 
the MSFC neutral buoyancy simulator to 
obtain human factors data. In one 
experiment, six-element tetrahedrons were 
used to obtain data on learning and on the 
relative value of a variety of assembly aids. 
The structural elements in these tetrahedrons 
were 11-foot-long tubes of PVC plastic, 4 
inches in diameter. Sleeve-locking 
connectors were used to join the beams at 
the nodes of the structure, or “joint cluster.” 
Much more complex structures were used to 
collect information on fatigue, and on crew 
members' ability to deal with complicated 
configurations and hardware. A single 36- 
element tetrahedral truss served as a baseline 
structure for comparing single-person 
assembly with two-person assembly, for 
quantifying productivity changes due to the 
use of various assembly aids, and for 
evaluating other structural configurations. 

Results of structural assembly experiments 
have shown that test subject learning rate is 
much higher in the weightless conditions of 
neutral buoyancy than in conditions on dry 
land. The most time-consuming task during 
assembly operations is aligning the beams. 
This large time consumption is due to the 
kinematics of water drag. Fatigue is not a 
significant factor in the assembly process if 
the subjects pace themselves. Nonetheless, 
the following considerations must be taken 
when running a simulation to avoid 
problems: 

• Assign two safety divers per test subject 
to manage the umbilical and monitor the 
test subject's performance. 


• When possible, conduct paper computer 
simulations, and one-g dry run simulations 
prior to neutral buoyancy simulations. 

Principal Limitations 
The principal limitations of neutral buoyancy 
simulations include: (1) the need to design 
hardware to accommodate the effects of 
water corrosion, (2) varying water pressure 
with depth, and (3) frictional resistance of 
the water to body and equipment movement. 

The impact of not taking full advantage of 
the neutral buoyancy simulation capabilities 
at MSFC and other locations could mean 
entering a space mission without full 
knowledge of the effects of weightlessness 
on mission tasks, particularly in EVA's. 
Maximum emphasis should be placed on 
conducting simulations with the highest 
fidelity possible to ensure mission success. 
Failure to do so results in a greater 
probability of incurring safety hazards, 
anomalies, increased maintenance resources 
(man-hours), and hardware damage. 

Technical 

Rationale 

This MTTR prediction technique is a fast, simple, accurate and effective 
approach for providing a design baseline for repair times. Design and 
product assurance engineers can use the MTTR data to effectively 
define sparing, logistics and maintenance programs for a pending 

Mean Time to Repair Predictions 
Technique AT-2 

In general, the MTTR of a system is an estimated 
average elapsed time required to perform 
corrective maintenance, which consists of fault 
isolation and correction. For analysis purposes, 
fault correction is divided into disassembly, 
interchange, reassembly, alignment and checkout 
tasks. The repair time of a maintainable unit 
generally consists of both a large number of 
relatively short-time repair periods and a small 
number of long-time repair periods. The former 
would correspond to the more usual case where 
the failed unit is replaced by a spare at the 
operational site on detection of a failure. The 
long downtimes would occur when diagnosis is 
difficult or removing a defective part is 
complicated due to, for instance, rusted/stripped 
mounted nuts. Having a collection of such field 
data provides the design engineer an opportunity 
to assess the Mean Time To Repair (MTTR) of 
the current system as it matures, or to predict the 
MTTR of a new system according to its features 
with the current system. 


MTTR is a useful parameter that should be 
used early in planning and designing stages of a 
system. The parameter is used in assessing the 
accessibility/locations of system components; 
for example, a component that often fails 
should be located where it can easily be 
removed and replaced. The estimated MTTR 
may also dictate changes in system designs in 
order to meet the turn-around time criteria for 
critical systems, such as communication and 
life support systems on the Space Station. In 
addition, the parameter helps in calculating the 
life cycle cost of a system, which includes cost 
of the average time technicians spend on a 
repair task, or how much Extravehicular 
Activity (EVA) time is required for astronauts 
to repair a system. 

MTTR is defined as the average time necessary 
to troubleshoot, remove, repair, and replace a 
failed system component. An interval estimator 
for MTTR can be developed from the mean of 
the sample data, within a lower and an upper limit 
with a confidence bound. For example, from a 
sample data set, one can find with 90-percent 
confidence that the range 3.2 to 4.2 will contain 
the population mean. Unfortunately, the exact 
MTTR of a system can never be found due to 
data uncertainties. 

Log-Normal Distribution 
The distribution most commonly used to 
describe the actual frequencies of occurrence of 
system repair time is the log normal because it 
reflects short duration repair-time, a large 
number of observations closely grouped about 
some modal value, and long repair-time data 
points. The general shape of log normal 
distribution is shown in Figure 1. 

Figure 1: Lognormal Distribution (horizontal axis: Time to Repair (t)) 

Without getting involved in the derivation of the 
distribution equations which can be found in any 
statistical textbook, the following example will 
illustrate how MTTR of a replaceable unit may 
be calculated from a finite observed set of data. 

Example 1: The repair times $t_i$ for an orbital 
replaceable unit (ORU) are observed to be 1.3, 
1.5, 1.7, 1.8, 2.2, 2.6, 3.0, 3.1, and 3.9 hours. 
Use the log normal distribution to estimate the 
MTTR of the unit. 

Solution: 

$$t'_i = \ln t_i \qquad (1)$$

Utilizing statistical methods, the Maximum 
Likelihood Estimator (MLE), or the best 
estimated value of the mean is: 

$$\bar{t'} = \frac{1}{n}\sum_{i=1}^{n} t'_i \qquad (2)$$

Then, $\bar{t'} = 0.79124$ 

The Maximum Likelihood Estimator of the 
variance is: 

$$s'^2 = \frac{1}{n-1}\sum_{i=1}^{n}\left(t'_i - \bar{t'}\right)^2 \qquad (3)$$

Then, $s'^2 = 0.1374$ 

Therefore, the mean of the log normal 
distribution of this example is: 

$$\mu = \text{MTTR} = e^{\left(\bar{t'} + \frac{s'^2}{2}\right)} = e^{\left(0.79124 + \frac{0.1374}{2}\right)} = 2.36\ \text{h} \qquad (4)$$

and its variability of time to repair is: 

$$\text{MTTR}\sqrt{e^{s'^2} - 1} = 2.36\sqrt{e^{0.1374} - 1} = 0.90\ \text{h} \qquad (5)$$

How to Implement the MTTR Process 
Accurately estimating the MTTR of a new 
system is more than applying the derived 
formulas on field data of any existing systems. 
The designer must know the overall maintenance 
concept and operating conditions of the new 
system; for example, how and where the system 
is going to be operated and how its failed units 
will be swapped out. With this background, the 
designer can proceed to approximate the 
maintenance procedure of the new system, then 
select an existing system that has been exposed 
to similar operating conditions and that has a 
mature set of operating data. After the similarity 
between the two systems is assessed, the 
designer then can determine certain conversion 
factors needed to make the existing system data 
more applicable to the new system. Once this is 
done, the predictions for the new system are 
more meaningful and accurate. 


Elements of MTTR 

The MTTR prediction of a system begins at the 
replaceable unit level (RUL) where a defective 
unit is removed and replaced in order to restore 
the system to its original condition. Then the 
system MTTR predictions are accomplished by 
integrating the MTTR's of maintainable units. 
The following defines the elements used in the 
MTTR prediction of a system: 

Fault Isolation: Time associated with those 
tasks required to isolate the fault to the item. 


Disassembly: Time associated with gaining 
access to the replaceable item or items identified 
during the fault correction process. 

Interchange: Time associated with the removal 
and replacement of a faulty replaceable item or 
suspected faulty item. 

Reassembly: Time associated with closing up 
the equipment after interchange is performed. 

Alignment: Time associated with aligning the 
system or replaceable item after a fault has been 
corrected. 

Checkout: Time associated with the verification 
that a fault has been corrected and the system is 
operational. 

Constant failure rates: The rate of failures that 
result from strictly random or chance causes. 
This type of failure occurs predominantly in the 
useful life period of a unit. 

K factor: For on-orbit tasks, a conversion factor 
may be applied to convert elemental task times 
performed in a 1-g environment to a microgravity 
environment. The conversion factor may be 
derived from data of past similar programs or 
from neutral buoyancy testing. 

Ground Rules and Assumptions 

In the prediction, certain ground rules and 
assumptions apply: 

• Mean Time To Repair (MTTR) does not 
include the maintenance overhead, which is 
generally non-related task time such as time to 
fill out a requisition, time to go get tools, break- 
time, time waiting for parts, etc. 

• Worksite time is the only variable considered. 

• All equipment experiences a constant failure 
rate. 

• All tasks are performed sequentially by one 
crew member unless otherwise noted. 

• Maintenance is performed in accordance with 
established maintenance procedures and 
appropriately trained personnel. 

The prediction depends upon the use of 
recorded reliability and maintainability data and 
experience that have been obtained from 
comparable systems and components under 
similar conditions of use and operation. 


System Level Prediction 
At the system level, MTTR is calculated by 
summing the product of the replaceable items' 
MTTR's and their corresponding failure rates; 
the result is then divided by the sum of all 
replaceable items' failure rates. Mathematically, 
it can be expressed as: 

$$MTTR_{system} = \frac{1}{\lambda}\sum_{i=1}^{n} \lambda_i \, MTTR_i$$

where $\lambda_i$ = failure rate of the $i$th item 
to be repaired, and 

$$\lambda = \sum_{i=1}^{n} \lambda_i$$

and system variance: 

$$\sigma^2_{system} = \frac{1}{\lambda^2}\sum_{i=1}^{n} \lambda_i^2 \, \sigma_i^2$$

As an example, assume the three ORUs of a 
system have the following MTTR's, variance 
(V), and failure rates ($\lambda$): 

           MTTR     V       λ        MTTR × λ
ORU 1      4.5      0.5     12.7     57.15
ORU 2      2.3      0.7     500.0    1150.00
ORU 3      11.4     0.56    2.2      25.08
Total:                      514.9    1232.23

Apply the above formula to calculate the system 
MTTR: 

$$MTTR_{system} = \frac{1}{514.9}\,(1232.23)$$

and its variance: 

$$\sigma^2_{system} = \frac{1}{(514.9)^2}\left(0.5 \times 12.7^2 + 0.7 \times 500^2 + 0.56 \times 2.2^2\right) \quad (7)$$

The results of the above example indicate that the 
most often failed unit will essentially drive the 
MTTR and variance of a system. 
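The two calculations above (the lognormal MTTR estimate of Example 1 and the failure-rate-weighted system roll-up) carried through in Python, as an added example that is not part of the original guideline. The function names are illustrative; the inputs are the values printed on this page.

```python
import math

# Repair times (hours) from Example 1 on this page.
ORU_REPAIR_TIMES_H = [1.3, 1.5, 1.7, 1.8, 2.2, 2.6, 3.0, 3.1, 3.9]

# (MTTR, variance V, failure rate lambda) for the three ORUs of the
# system-level example. ORU 3's rate is 2.2: its row product
# 25.08 = 11.4 x 2.2 and the 514.9 column total fix the value.
ORUS = [(4.5, 0.5, 12.7), (2.3, 0.7, 500.0), (11.4, 0.56, 2.2)]


def lognormal_mttr(times):
    """Return (mean of logs, variance of logs, MTTR, sigma) for repair times.

    Follows the page's steps: take logs, average them, estimate the
    variance with the n-1 divisor, then transform back to hours.
    """
    if len(times) < 2:
        raise ValueError("need at least two repair times")
    if any(t <= 0 for t in times):
        raise ValueError("repair times must be positive")
    logs = [math.log(t) for t in times]
    n = len(logs)
    mean_log = sum(logs) / n
    var_log = sum((x - mean_log) ** 2 for x in logs) / (n - 1)
    mttr = math.exp(mean_log + var_log / 2.0)
    sigma = mttr * math.sqrt(math.exp(var_log) - 1.0)
    return mean_log, var_log, mttr, sigma


def system_mttr(units):
    """Failure-rate-weighted system MTTR and variance.

    units: iterable of (mttr, variance, failure_rate) per replaceable item.
    """
    units = list(units)
    total_rate = sum(rate for _, _, rate in units)
    if total_rate <= 0:
        raise ValueError("total failure rate must be positive")
    mttr = sum(rate * m for m, _, rate in units) / total_rate
    variance = sum(rate ** 2 * v for _, v, rate in units) / total_rate ** 2
    return mttr, variance


def rate_shares(units):
    """Fraction of all failures contributed by each item (lambda_i / lambda)."""
    units = list(units)
    total_rate = sum(rate for _, _, rate in units)
    return [rate / total_rate for _, _, rate in units]


if __name__ == "__main__":
    mean_log, var_log, mttr, sigma = lognormal_mttr(ORU_REPAIR_TIMES_H)
    print(f"mean of logs     = {mean_log:.5f}")
    print(f"variance of logs = {var_log:.4f}")
    print(f"MTTR             = {mttr:.2f} h, sigma = {sigma:.2f} h")
    sys_mttr, sys_var = system_mttr(ORUS)
    print(f"system MTTR      = {sys_mttr:.3f}, variance = {sys_var:.4f}")
    print("failure shares   =", [f"{s:.3f}" for s in rate_shares(ORUS)])
```

The failure shares show why the most often failed unit drives the result: ORU 2 accounts for about 97 percent of all failures, so the system MTTR sits close to that unit's own MTTR.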


Overall, the prediction is a straightforward 
process and is useful in estimating a system's 
MTTR. Even with a limited set of data, if the 
prediction is used early in the design phase, the 
derived value should help in shaping a preliminary 
design guideline for the system. In addition, the 
prediction can also verify logistics and 
maintainability requirements at some later stage. 

Technique 

Estimate or predict the future availability of a system, function, or unit 
where availability is defined as the probability that the system, function, 
or unit will be in an operable state at a random time. Availability may 
be assessed for a single component, a repairable unit, a replaceable unit, 
a system of many replaceable units, or a function performed by multiple 
systems. 

Benefits 

Availability prediction and assessment methods can provide quantitative 
performance measures that may be used in assessing a given design or 
to compare system alternatives to reduce life cycle costs. This 
technique increases the probability of mission success by ensuring 
operational readiness. Analyses based on availability predictions will 
help assess design options and can lead to definition of maintenance 
support concepts that will increase future system availability, anticipate 
logistics and maintenance resource needs, and provide long term 
savings in operations and maintenance costs based on optimization of 
logistics support. 

Key Words 

Availability, Achieved Availability, Inherent Availability, Operational, 
Stochastic Simulation, Maintainability, RMAT, Markov Model 

Application Experience 

International Space Station Program 

Technical Rationale 

Availability estimation is a valuable design aid and assessment tool for 
any system whose operating profile allows for repair of failed units or 
components. These systems include those that operate on earth such as 
control centers, system test facilities, or flight simulation 
systems/facilities. Applying availability prediction and analysis 
techniques is also an extremely valuable process for guiding the 
development of maintenance concepts and requirements. 

Availability Prediction and Analysis 
Technique AT-3 

Availability can be predicted or estimated 
using various methods and measures. 
Availability is a characteristic of repairable or 
restorable items or systems, and assumes that 
a failed item can be restored to operation 
through maintenance, reconfiguration, or 
reset. It is a function of how often a unit 
fails (reliability) and how fast the unit can be 
restored after failure (maintainability). A 
foundation to support both the establishment 
of reliability and maintainability (R&M) 
parameters and trade-offs between these 
parameters is created by availability 
prediction and analyses. Availability can be 
estimated for components, items, or units, 
but overall spacecraft system or ground 
system availability estimation is based on the 
combinations and connectivity of the units 
within the system that perform the functions, 
i.e., the series and redundant operations 
paths. 

Availability Measures 
One basic measure of availability, called 
inherent availability, is useful during the 
design process to assess design 
characteristics. The measure involves only 
the as-designed reliability and maintainability 
characteristics and can be calculated using 
the estimated mean-time-between-failure 
(MTBF) and mean-time-to-repair (MTTR) 
parameters. The predicted or estimated 
measure of inherent availability is calculated 
as: 

$$A_i = \frac{MTBF}{MTBF + MTTR} \quad (1)$$

The MTTR time in the inherent availability 
calculation does not include such times as 
administrative or logistic delay time, which 
generally are beyond the control of the 
designer, and does not include preventive 
maintenance time. However, effective trade- 
offs using the basic times and parameters are 
possible. Trade-off techniques and some 
sample uses are included in Reference 1, 
Section 5.5. 

Another measure of availability, achieved 
availability or $A_a$, can be expressed as: 

$$A_a = \frac{OT}{OT + TCM + TPM} \quad (3)$$

where OT is the total time spent in an 
operating state, TCM is the total corrective 
maintenance time that does not include 
before-and-after maintenance checks, supply, 
or administrative waiting periods; and TPM 
is the total time spent performing preventive 
maintenance. $A_a$ is more specifically directed 
toward the hardware characteristics than the 
operational availability measure, which 
considers the operating and logistics policies. 

A third basic measure of availability, 
operational availability, considers all repair 
time: corrective and preventive maintenance 
time, administrative delay time, and logistic 
support time. This is a more realistic 
definition of availability in terms of providing a 
measure to assess alternative maintenance 
and logistics support concepts associated 
with the operation of a system or function. 
It is usually defined by the equation: 

$$A_o = \frac{Uptime}{Uptime + Downtime} = \frac{Uptime}{Total\ Time} \quad (2)$$

where Uptime is the total time a system is in 
an operable state, and Downtime is the total 
time the system is in an inoperable state. 

The sum of Uptime and Downtime, or Total 
Time, is usually known, specified as a 
requisite operating time, or is a given time to 
perform a critical function. Downtime often 
is broken down into a variety of 
subcategories such as detection and 
diagnosis time, time waiting for repair parts, 
actual unit repair or replacement time, test 
and checkout time, etc. Table 1 shows the 
basic difference between the availability 
measures defined above. 

Table 1: Commonly Used Availability Measures 

Availability Measure   Function of:                   Excludes:

Inherent ($A_i$)       hardware design                ready time, preventative
                                                      maintenance downtime, and
                                                      administrative downtime

Achieved ($A_a$)       hardware design but also       logistics time and
                       includes active,               administrative downtime
                       preventative, and corrective
                       maintenance downtime

Operational ($A_o$)    Product of actual              All inclusive
                       operational environment
                       including ready time,
                       logistics time, and
                       administrative downtime

Mean Value Estimation 
Mean value estimation of system availability 
is usually performed by algebraically 
combining component, LRU, and ORU 
availabilities calculated using equation (1). 
When the system is composed of a number 
of components, LRU's, or ORUs, the failure 
of any one of which results in the system 
being down, the system availability is 
calculated from the product of these units' 
availability. When the system involves item 
redundancy, redundant block availability 
estimates can be calculated using simple 
Boolean mathematical decomposition 
procedures similar to reliability block 
diagram solution methods. See Reference 1, 
Section 10.4. 

Computer-Aided Simulation 
Availability prediction using computer-aided 
simulation modeling may use either a 
stochastic simulation or a Markov model 
approach. Stochastic simulation modeling 
uses statistical distributions for the system's 
reliability, maintainability, and other 
maintenance and delay time parameters. 
These distributions are used as mathematical 
models for estimating individual failure and 
restoration times and can include failure 
effects and other operational conditions. A 
computer program generates random draws 
from these distributions to simulate when the 
system is up and down, maintains tables of 
failures, repairs, failure effects, etc., and 
tracks system or function capability over 
time. These data may then be used to 
calculate and output system operational 
availability estimates using equation (2). 


System or Function Availability Estimation 
System/function availability estimates may be 
derived in a limited fashion by algebraically 
combining mean value estimates of the 
system units, or more rigorously by using 
computer-aided simulation methods. 


Stochastic Simulation Methods 
Discrete event stochastic simulation 
programs are recommended to perform 
operational availability predictions and 
analyses for large, repairable systems such as 
the space station or large ground systems 
and facilities. These methods simulate and 
monitor the availability status of defined 
systems or functions that are composed of a 
collection of Replaceable Units (RUs). The 
following process is generally used: 

(1) Generate simulated future failure times 
for each designated RU based on 
predicted RU reliability distributions and 
parameters. 

(2) Step through simulated operating time, 
and when failure events are encountered, 
evaluate the failure impact or function 
status given the specific failures 
encountered. 

(3) Repair or replace the failed RU using a 
maintenance policy and procedure based 
on the availability of required 
maintenance resources, priority or 
criticality of the failure, or the current 
system or function status. Once an RU is 
repaired or replaced, the system or 
function status is reset appropriately, and 
a future failure time for the RU is again 
generated. 

Generation of simulated failures and 
maintenance actions for RUs requires as 
input the estimated RU time-to-failure 
distribution model parameters and factors 
that define the frequency of other scheduled 
or unscheduled maintenance. The 
maintenance actions can include equipment 
failures, preventive maintenance tasks, and 
environmentally or human-induced failures. 

To evaluate the effect of a simulated failure 
on the function's operational capability at a 
particular point in time, minimal cut sets of 
failure events that define the system or 
function failure conditions can be used. 
Minimal cut sets of failure events can be 
generated from reliability block diagrams or 
fault tree analysis of the functions, and then 
used during a simulation run to dynamically 
determine queuing priorities based upon 
functional criticality and the current level of 
remaining redundancy after the simulated 
failure occurs. 


Maintenance is simulated by allocating 
available maintenance resources and spare 
parts to the awaiting maintenance action (or 
waiting for resources to become available). 
Groups of maintenance actions may also be 
packaged into shifts of work. If the system 
under consideration is in a space 
environment, both external (extravehicular 
activity or EVA) and internal (intravehicular 
activity or IVA) maintenance can be considered. 

When the stochastic simulation method is 
used, each run of the simulation model 
(called an iteration) will yield a single value 
of the availability measure that depends on 
the chance component or unit failures and 
repairs that happened during that iteration. 
Therefore, many iterations are required to 
cover as many potential failure situations as 
possible, and to give the analyst a better 
understanding of the variation in the 
resulting availability as a function of the 
variations in the random failure and repair 
process. The number of iterations required 
for accurate availability measure results will 
depend on the iteration to iteration variation 
in the output measure. Experience has 
shown that in system availability simulations 
with a large iteration-to-iteration variation, 
200 to 1000 iterations or more may be 
required to obtain a statistically accurate 
estimate of the average system availability. 

For example, the Reliability and 
Maintainability Assessment Tool (RMAT) is 
a stochastic computer-aided simulation 
method like that described that has been used 
at Johnson Space Center for assessing the 
maintainability and availability characteristics 
of the Space Station. The output of the 
RMAT includes the percent of total (or 
specified mission) time each defined space 
station function spends in a "down" state as 
well as the percent of time each defined 
function is one failure away from functional 
outage (is zero failure tolerant). Using 
RMAT, analysts at JSC have been able to 
perform trade studies that quantify the 
differences between alternative Space Station 
configurations in terms of their respective 
operational availability and maintainability 
measure estimates. 

The same simulation methods (such as 
RMAT) that provide for operational 
availability measures will also provide 
maintenance resource usage measures such 
as maintenance manpower needs and spare 
part requirements. With this capability, JSC 
has been able to estimate the maintenance 
manpower needs, including EVA 
requirements, of various Space Station 
alternative configurations. 
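The three-step simulation process above, checked against the mean value estimate for the same system, as an added Python example (not RMAT and not code from the guideline). The three-unit system, its MTBF and MTTR values, the exponential failure and repair distributions, and the immediate-repair policy are all assumptions made for the illustration.

```python
import heapq
import random
import statistics

# Constructed sample system (not from the page): unit -> (MTBF h, MTTR h).
UNITS = {"pump": (500.0, 10.0), "ctrl_a": (200.0, 20.0), "ctrl_b": (200.0, 20.0)}
# Minimal cut sets: the function is down when every unit of any one set is down.
CUT_SETS = [{"pump"}, {"ctrl_a", "ctrl_b"}]


def inherent_availability(mtbf, mttr):
    """Equation (1): MTBF / (MTBF + MTTR)."""
    return mtbf / (mtbf + mttr)


def mean_value_estimate(units):
    """Algebraic estimate for the sample system: pump in series with a
    redundant controller pair (either controller is sufficient)."""
    a = {name: inherent_availability(*params) for name, params in units.items()}
    pair = 1.0 - (1.0 - a["ctrl_a"]) * (1.0 - a["ctrl_b"])
    return a["pump"] * pair


def simulate_once(units, cut_sets, mission_h, rng):
    """One iteration; returns Uptime / Total Time, equation (2)."""
    # Step 1: draw a first failure time for every replaceable unit.
    events = [(rng.expovariate(1.0 / mtbf), name, "fail")
              for name, (mtbf, _) in units.items()]
    heapq.heapify(events)
    failed, downtime, outage_start = set(), 0.0, None
    while events:
        now, name, kind = heapq.heappop(events)
        if now >= mission_h:
            break
        mtbf, mttr = units[name]
        if kind == "fail":
            failed.add(name)
            # Step 3: repair starts at once (assumes unlimited crew and spares).
            heapq.heappush(events, (now + rng.expovariate(1.0 / mttr), name, "repair"))
        else:
            failed.discard(name)
            # Unit restored: generate its next failure time.
            heapq.heappush(events, (now + rng.expovariate(1.0 / mtbf), name, "fail"))
        # Step 2: evaluate function status against the minimal cut sets.
        function_down = any(cut <= failed for cut in cut_sets)
        if function_down and outage_start is None:
            outage_start = now
        elif not function_down and outage_start is not None:
            downtime += now - outage_start
            outage_start = None
    if outage_start is not None:          # outage still open at mission end
        downtime += mission_h - outage_start
    return (mission_h - downtime) / mission_h


def simulate(units, cut_sets, mission_h=10_000.0, iterations=500, seed=1):
    """Run many iterations; return (mean, standard error, min, max)."""
    rng = random.Random(seed)
    runs = [simulate_once(units, cut_sets, mission_h, rng) for _ in range(iterations)]
    stderr = statistics.stdev(runs) / iterations ** 0.5
    return statistics.fmean(runs), stderr, min(runs), max(runs)


if __name__ == "__main__":
    mean, stderr, low, high = simulate(UNITS, CUT_SETS)
    print(f"mean-value estimate : {mean_value_estimate(UNITS):.4f}")
    print(f"simulated mean      : {mean:.4f} +/- {stderr:.4f}")
    print(f"iteration range     : {low:.4f} .. {high:.4f}")
```

The spread between the lowest and highest iteration is the iteration-to-iteration variation the text refers to; the standard error shrinks only with the square root of the iteration count, which is why hundreds of runs are needed.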

Markov Model Approach 
A Markov process, or state-space analysis, is 
a mathematical tool particularly well suited 
to computer simulation of the availability of 
complex systems when the necessary 
assumptions are valid. This analysis 
technique also is well adapted to use in 
conjunction with Fault Tree Analysis or 
Reliability Block Diagram Analysis (RBDA). 
Examples of the use of Markov process 
analysis may be found in Reference 1 or in 
such standard reliability textbooks as 
Reference 2. 

Failure to use availability predictions and 
analysis during the design process may lead 
to costly sub-optimization of the as-designed 
system reliability and maintainability 
characteristics. Where operations and 
support costs are a major portion of the life 
cycle costs, availability prediction and 
analysis are critical to understanding the 
impact of insufficiently defined maintenance 
resources (personnel, spare parts, test 
equipment, facilities, etc.), and maintenance 
concepts on overall system operational 
availability and mission success probabilities. 
These analyses can therefore greatly reduce 
the life cycle costs associated with deploying 
and supporting a space or ground system. 

Technique 

Employ statistical Monte Carlo methods to analyze availability, life 
cycle cost (LCC), and resource scheduling by using the Availability 
Cost and Resource Allocation (ACARA) program, which is a software 
tool developed at Lewis Research Center. 

Benefits 

The ACARA program is an inexpensive tool for conducting 
maintainability, reliability and availability simulations to assess a 
system's maintenance requirements over a prescribed time interval. 
Also, availability parameters such as equivalent availability, state 
availability (percentage of time at a particular output state capability), 
and number of state occurrences can be computed. 

Key Words 

Maintainability Modelling, Availability, Computer Simulation 

Application Experience 

International Space Station Program, LeRC Micro-gravity Experiments 

Technical Rationale 

The development of the Space Station and other space systems (i.e., 
Space Station payloads and experiments) requiring long-term 
maintenance support dictates maintenance planning with emphasis on an 
understanding of the level of support required over a given period of 
time. The program is written specifically for analyzing availability, LCC, 
and resource scheduling. A combination of exponential and Weibull 
probability distribution functions are used to model component failures, 
and ACARA schedules component replacement to achieve optimum 
system performance. The scheduling will comply with any constraints 
on component production, resupply vehicle capacity, on-site spares, 
crew manpower and equipment. 

Contact Center 

Lewis Research Center (LeRC) 

Availability, Cost, and Resource Allocation 
(ACARA) Model to Support Maintenance 
Requirements 
Technique AT-4 

The ACARA program models systems 
represented by reliability block diagrams 
comprising series, parallel, and M-of-N 
parallel redundancy blocks. A hierarchical 
description of the system is needed to 
identify the subsystems and blocks contained 
in the system. Given a reliability block 
diagram (RBD) representation of a system, 
the program simulates the behavior of the 
system over a specified period of time using 
Monte Carlo techniques to generate block 
failure and repair intervals as a function of 
exponential and/or Weibull distributions. 
ACARA interprets the results of a simulation 
and displays tables and charts for the 
following: 

• Performance, i.e., availability and 
reliability of capacity states 


• Frequency of failure and repair. 

• Lifecycle cost, including hardware, 
transportation, and maintenance. 

• Usage of available resources, including 
maintenance man-hours. 

ACARA Inputs 

An RBD must be prepared for ACARA to 
simulate a system's availability. The RBD 
depicts a system, and the arrangement of the 
blocks depicts a performed function. 

The RBD does not necessarily depict physical 
connections in the actual system, but rather 
shows the role of each block in contributing 
to the system's function. The blocks are 
sequentially numbered as B1, B2, B3, etc., 
and subsystems are numbered as S1, S2, etc., 
which are defined from the inside out. 

Figure 1 shows an example of a system with 
its corresponding blocks and subsystems. 
Beginning with the innermost set of blocks, 
each parallel or series set of blocks is 
partitioned into a subsystem which in turn 
may be combined with other blocks or 
subsystems. 

[Figure 1: Diagram of Blocks and Subsystems] 

The system shown in Figure 1 contains 6 
subsystems: 

• Subsystems 1 and 2 are both variable M- 
of-N parallel arrangements of batteries. 
These subsystems respectively contain 
Blocks 6 through 8 and Blocks 9 through 
11. 

• Subsystem 3 consists of Subsystems 1 and 
2 in parallel. 

• Subsystem 4 is a binary M-of-N parallel 
arrangement of diodes, Blocks 3 through 
5. 

• Subsystem 5 is a parallel arrangement of 
two turbines, Blocks 1 and 13. 

• Subsystem 6 comprises the entire system 
and is a series arrangement of Subsystems 
3 through 5 and Blocks 2 and 12. 

Modeling Time-to-Failure 
The ACARA program uses the Weibull 
distribution function to model the time-to- 
failure for the system. The shape and scale 
factors are adjusted to modify the form of 
the distribution. Uniform random numbers 
from 0 to 1 are generated and substituted for 
the reliability, R. ACARA uses the early 
failure (i.e., infant mortality), random failure, 
and wearout failure (life-limiting failure) 
models. These models are adjusted by user- 
defined parameters to approximate the 
failure characteristics of each block. 

Random failure is modelled by the 
Weibull distribution function where the 
shape factor is equal to 1 (equivalent to the 
exponential distribution) and the scale 
parameter is equal to the Mean Time 
Between Failure (MTBF). 

Wearout failure is also modeled by the 
Weibull function. The shape factor must be 
1 or more. If a block with an initial age 
(i.e., it is not brand new) is installed, its 
initial age is subtracted from its first time-to- 
failure due to wearout. Likewise, if it 
undergoes a failure-free period, this period is 
added to its first time-to-failure. 

ACARA generates time-to-failure events 
using one or a combination of these models 
and assigns the minimum resulting time for 
each block as its next failure event. The 
early failure model is canceled by assigning 
to the block type an early failure probability 
of zero; random failure, by an excessively 
large MTBF; and wearout failure, by an 
excessively large mean life. 

ACARA also simulates redundant pairs of 
active and standby blocks. A standby block 
is installed as dormant and its time-to-failure 
is initially modelled by random failure, in 
which the MTBF is multiplied by its 
characteristic "Dormant MTBF Factor." 
Then, the corresponding active time-to- 
failure is modelled by early, random, and 
wearout failure until the active block is 
replaced. 

Modeling Down Time 
The downtime for a failed block depends in 
part upon the availability of spares and 
resources. These spares may be local spares, 
i.e., initially located at the site. If a local 
spare is available when the block fails, the 
block is immediately replaced and downtime 
will depend only on the mean-time-to-repair 
(MTTR). If no local spares are available, 
ACARA will schedule a replacement 
according to the scheduled production 
quantities for that block type and the constraints 
on mass, volume, and delay associated with 
manifesting and loading spares onto the 
resupply vehicle. ACARA also checks the 
constraints on the maintenance agents to 
determine when the block can be replaced. 

Once all the above conditions are met to 
allow the block to be replaced, ACARA then 
estimates the time required to replace it. The 
time-to-repair depends upon the MTTR's for 
that block type. MTTR's may be specified 
for up to three separate maintenance agents. 
Examples of maintenance agents are crew, 
equipment, and robotics. ACARA assumes 
that the maintenance actions occur 
simultaneously, so that the block's repair 
time is determined by the maintenance agent 
having the maximum MTTR. During the 
simulation, the time-to-repair may either be 
set equal to the maximum defined MTTR or 
be determined stochastically. Refer to 
Reference 1 for a complete guide on the use 
of ACARA and the explanation for entering 
data and the output of graphs and 
information. ACARA may be obtained from 
the Computer Software Management and 
Information Center (COSMIC) at the 
University of Georgia, (706) 542-3265. 
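The time-to-failure and time-to-repair rules described above, sketched in Python as an added example; this is not ACARA code. Assumptions: the Weibull scale for wearout is derived from the mean life through the gamma function, a negative aged time-to-failure is clamped to zero, the failure-free period is applied to the block's first failure event, a stochastic repair time is drawn from an exponential with the limiting agent's MTTR as its mean, and the early failure model is left out because the page does not give its form.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class BlockType:
    mtbf: float                   # random-failure MTBF, hours
    wearout_shape: float          # Weibull shape for wearout, must be >= 1
    wearout_mean_life: float      # hours
    dormant_mtbf_factor: float = 1.0
    agent_mttrs: tuple = (1.0,)   # MTTR per maintenance agent (up to three)


def weibull_ttf(reliability, shape, scale):
    """Solve R = exp(-(t / scale) ** shape) for t, with R in (0, 1]."""
    if not 0.0 < reliability <= 1.0:
        raise ValueError("reliability draw must lie in (0, 1]")
    if shape <= 0.0 or scale <= 0.0:
        raise ValueError("shape and scale must be positive")
    return scale * max(0.0, -math.log(reliability)) ** (1.0 / shape)


def uniform_draw(rng):
    """Return a callable producing uniform draws in (0, 1]."""
    return lambda: 1.0 - rng.random()


def active_ttf(block, draw, initial_age=0.0, failure_free=0.0, first=True):
    """Next failure of an active block: minimum over the failure models."""
    if block.wearout_shape < 1.0:
        raise ValueError("wearout shape factor must be 1 or more")
    # Random failure: shape 1 (exponential), scale equal to the MTBF.
    random_t = weibull_ttf(draw(), 1.0, block.mtbf)
    # Wearout: scale chosen so the distribution mean equals the mean life
    # (assumption about how the mean life parameter is used).
    scale = block.wearout_mean_life / math.gamma(1.0 + 1.0 / block.wearout_shape)
    wear_t = weibull_ttf(draw(), block.wearout_shape, scale)
    if first:
        # Initial age shortens only the first wearout time-to-failure.
        wear_t = max(0.0, wear_t - initial_age)
    ttf = min(random_t, wear_t)
    # A failure-free period delays the block's first failure event.
    return ttf + failure_free if first else ttf


def dormant_ttf(block, draw):
    """Standby block: random failure with MTBF scaled by the dormant factor."""
    return weibull_ttf(draw(), 1.0, block.mtbf * block.dormant_mtbf_factor)


def repair_time(block, draw=None):
    """Agents work simultaneously, so the largest MTTR sets the repair time."""
    if not 1 <= len(block.agent_mttrs) <= 3:
        raise ValueError("one to three maintenance agents are supported")
    limiting = max(block.agent_mttrs)
    if draw is None:
        return limiting                       # deterministic option
    return weibull_ttf(draw(), 1.0, limiting)  # stochastic option (assumed form)


if __name__ == "__main__":
    battery = BlockType(mtbf=50_000.0, wearout_shape=3.0, wearout_mean_life=20_000.0,
                        dormant_mtbf_factor=4.0, agent_mttrs=(2.0, 6.0))
    draw = uniform_draw(random.Random(7))
    print("first failure, 5000 h old spare:", round(active_ttf(battery, draw, 5_000.0), 1))
    print("dormant standby failure        :", round(dormant_ttf(battery, draw), 1))
    print("repair time (deterministic)    :", repair_time(battery))
```

Setting the MTBF or the mean life to a very large number cancels that model, because the minimum then always comes from the other one.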

References 

1. Stalnaker, Dale K., ACARA User's 
Manual, NASA-TM-103751, February 
1991. 

2. Hines, W.W. and Montgomery, D.C., 
Probability and Statistics in Engineering 
and Management Science, 2nd Ed., John 
Wiley & Sons, 1980. 

Technique 

Apply a univariate failure prediction algorithm using a signal processing 
technique to rocket engine test firing data to provide an early failure 
indication. The predictive maintenance technique involves tracking the 
variations in the average signal power over time. 

This technique will therefore reduce unnecessary failures attributed to 
the traditionally used redline-based system. The average signal power 
algorithm can be used with engine test firing data to provide 
significantly earlier failure indication times than the present method of 
using redline limits. Limit monitoring techniques are not capable of 
detecting certain modes of failures with sufficient warning to avoid 
major hardware and facility damage. 

Key Words 

Rocket Engines, Failure Detection, Detectability 

Application Experience 

Space Transportation System (STS) 

Technical Rationale 

Detection of anomalous behavior is critical during the operation of the 
Space Shuttle Main Engine (SSME). Increasing the detectability of 
failures during the steady-state operation of the SSME will minimize the 
likelihood of costly engine damage and maintenance. The average 
power signal algorithm is superior to the time series algorithm because 
more parameters contribute to the first simultaneous failure indication 
times. This increases the agreement between several parameters, thus 
increasing the likelihood that an engine anomaly has occurred. This 
method also reduces the number of false failure indications that can 
prematurely shut down the engine during testing or operation. 

Contact Center 

Lewis Research Center (LeRC) 

Rocket Engine Failure Detection Using An 
Average Signal Power Technique 
Technique AT-5 

For discrete random processes, probabilistic 
functions are used to describe the behavior 
of the rocket engine system. The Power 
Spectral Density (PSD) is computed to 
describe how the variation of the random 
process is distributed with frequency. For 
stationary signals, the PSD is bandlimited to 
±1/(2T), where T is the sampling interval in 
seconds. 

Average Signal Power Calculations 
The PSD is defined as the discrete-time 
Fourier transform of an autocorrelation 
function. (The derivation of the 
autocorrelation function is shown in 
Reference 1.) When the autocorrelation 
function is evaluated at zero lag, then an 
expression for the average signal power 
(ASP) of a random stationary process 
results: 

$$P = r_{xx}[0] = \int_{-\frac{1}{2T}}^{+\frac{1}{2T}} P_{xx}(f)\, df \quad (1)$$

$P_{xx}(f)$ = discrete-time Fourier transform 
$r_{xx}[0]$ = inverse discrete-time Fourier transform 

The average signal power for several SSME 
parameters is determined by calculating the 
autocorrelation at zero lag for the 
parameters provided in Table 1. The 
assumption is made that the signal is 
stationary over the computation interval. The 
average signal power calculations are 
performed over 2-second, 50-percent 
overlapping windows for nominal test firings 
at both 104- and 109-percent-rated power 
levels. A smaller time increment must be 
used to improve the failure detection 
capability of the algorithm. 

The average plus three standard deviations 
of the average signal power are computed 
for all the nominal firings at both engine 
power levels. These values are combined to 
calculate the thresholds (see Reference 1). 

A safety factor ranging from 1.5 to 3.5 is 
needed to ensure no false failure indications 
are computed for the nominal firings. The 
range of safety factors reflected signal 
behavior variations that occurred over seven 
nominal A2 firings. When used in the failure 
detection mode, failure of the average signal 
power of a parameter to fall outside its 
threshold results in a failure indication. Also 
shown in Table 1 are the thresholds 
calculated from the SSME nominal test 
firings based on the average signal power 
algorithm along with the associated safety 
factors. 

Table 1: Signal Threshold and Safety Factor for SSME's 

Parameter                          Average Power Threshold   Safety Factor
Mixture Ratio                      0.00112                   1.5
MCC Coolant Discharge              200                       1.5
MCC Hot Gas Injector Pressure      125                       1.5
LPOP Shaft Speed                   1598                      2.5
LPFP Discharge Pressure            2509                      1.5
HPFP Discharge Pressure            436                       1.5
Fuel Preburner Chamber Pressure    232                       1.5
PBP Discharge Pressure             911                       1.5
HPOP Discharge Pressure            268                       1.5
PBP Discharge Temperature          0.04                      3.0
MCC Pressure                       47                        1.5
HPFP Inlet Pressure                4                         1.5
HPOP Inlet Pressure                6                         1.5
HPFT Discharge Temperature A       32                        2.0
HPFT Discharge Temperature B       38                        2.5
HPOT Discharge Temperature A       154                       3.5
HPOT Discharge Temperature B       104                       3.5
HPFP Shaft Speed                   550000                    3.5


Algorithm Implementation 
A system identification and signal processing 
software package on a RISC workstation 
provides the average signal power algorithm. 
Command and Data Simulator (CADS) data 
from a predetermined number of SSME test 
firings are used to establish the failure 
indication thresholds. 

Several system conditions must be 
considered to ensure that the algorithm does 
not erroneously indicate an engine fault. 
These conditions include sensor failure, 
propellant tank venting and pressurization, 
and propellant transfer. Sensor failure 
detection techniques must be exercised 
before, or concurrently, with safety 
monitoring algorithms in order to eliminate 
the possibility of a sensor failure being 
interpreted as an engine problem. Typically, 
all parameters exhibiting sensor problems are 
removed prior to the application of the 
algorithm. 

Failure indication thresholds are established 
by applying the average signal power 
algorithm to a set number of nominal tests. 
For the SSME, four anomalous firings and 
one nominal firing were tested using the 
thresholds shown in Table 2. An example of 
the application of the average signal power 
algorithm to an SSME anomalous test firing is 
shown in Figures 1 and 2. Figure 1 
illustrates the interval over which the average 
signal power was computed for a single 
parameter, HPFP discharge pressure, and one 
test firing. Figure 2 displays the resulting 
average signal power as a function of time. 
As shown, the threshold for the average 
signal power algorithm has been exceeded. 
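The flow described in this section (thresholds established from nominal firings, sensor screening before monitoring, then a threshold check per parameter) is sketched below as an added Python example; it is not code from this memorandum or from the referenced paper. It assumes average signal power is the mean squared deviation from the window mean over a sliding window and that a threshold is the largest nominal-firing value multiplied by the safety factor; the window length, the range-based sensor screening rule, the instrument ranges, and all signal data are constructed for illustration.

```python
import math
from statistics import fmean

WINDOW = 20  # samples per averaging interval (assumed value)


def average_signal_power(samples, window=WINDOW):
    """Mean squared deviation from the window mean, for each full sliding window."""
    powers = []
    for start in range(len(samples) - window + 1):
        segment = samples[start:start + window]
        mean = fmean(segment)
        powers.append(fmean([(x - mean) ** 2 for x in segment]))
    return powers


def sensor_ok(samples, valid_range):
    """Assumed screening rule: every sample is finite and inside the instrument range."""
    low, high = valid_range
    return all(math.isfinite(x) and low <= x <= high for x in samples)


def establish_thresholds(nominal_firings, safety_factors):
    """Threshold = safety factor x largest average power seen in the nominal firings."""
    return {
        param: factor * max(max(average_signal_power(f[param])) for f in nominal_firings)
        for param, factor in safety_factors.items()
    }


def monitor(firing, thresholds, valid_ranges, screen=True):
    """Return (failures, removed).

    failures maps a parameter to the first sample index at which its average
    signal power exceeded the threshold; removed lists the parameters dropped
    by sensor screening before the algorithm was applied.
    """
    failures, removed = {}, []
    for param, threshold in thresholds.items():
        samples = firing[param]
        if screen and not sensor_ok(samples, valid_ranges[param]):
            removed.append(param)
            continue
        for start, power in enumerate(average_signal_power(samples)):
            if power > threshold:
                failures[param] = start + WINDOW - 1  # last sample of that window
                break
    return failures, removed


# --- Constructed sample data (not SSME measurements) ---
PRESSURE = "HPFP Discharge Pressure"
TEMPERATURE = "HPFT Discharge Temperature A"
SAFETY_FACTORS = {PRESSURE: 1.5, TEMPERATURE: 2.0}  # safety factors from Table 1
VALID_RANGES = {PRESSURE: (0.0, 10000.0), TEMPERATURE: (200.0, 3000.0)}  # assumed


def ripple(n, base, amplitude, phase):
    """Steady-state signal: constant level plus a small periodic ripple."""
    return [base + amplitude * math.sin(0.9 * i + phase) for i in range(n)]


def make_firing(phase):
    return {
        PRESSURE: ripple(200, 6000.0, 10.0, phase),
        TEMPERATURE: ripple(200, 900.0, 4.0, phase),
    }


NOMINAL_FIRINGS = [make_firing(p) for p in (0.0, 1.0, 2.0)]
THRESHOLDS = establish_thresholds(NOMINAL_FIRINGS, SAFETY_FACTORS)


def anomalous_firing():
    firing = make_firing(0.5)
    for i in range(120, 200):   # engine anomaly: pressure ramps away from nominal
        firing[PRESSURE][i] += 3.0 * (i - 120)
    for i in range(80, 200):    # sensor failure: open circuit reads zero
        firing[TEMPERATURE][i] = 0.0
    return firing


if __name__ == "__main__":
    print("screened:  ", monitor(anomalous_firing(), THRESHOLDS, VALID_RANGES))
    print("unscreened:", monitor(anomalous_firing(), THRESHOLDS, VALID_RANGES, screen=False))
```

With screening disabled, the failed temperature sensor produces a failure indication of its own, which is the misinterpretation the text warns about.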



Figure 1: Application of the Average Signal 
Power Algorithm to the HPFP Discharge 
Pressure (horizontal axis: time, sec) 

Figure 2: Average Signal Power for that 
Interval with the Failure Indication 
Threshold 


Nomenclature: 

HPFP high pressure fuel pump 
HPFT high pressure fuel turbine 
HPFTP high pressure fuel turbopump 
HPOP high pressure oxidizer pump 
HPOT high pressure oxidizer turbine 
LPFP low pressure fuel pump 
MCC main combustion chamber 
PID parameter identification 
SSME space shuttle main engine 


Reference 

Meyer, C.M., Zakrajsek, J.F., Rocket Engine 
Failure Detection Using System 
Identification Techniques, AIAA Paper 
90-1993. July 1990. 

Operations and Operational Design Considerations 


This section provides a rich source of ideas to any organization that is involved in either spaceflight 
operations or design to support those operations. The techniques reflect actual spaceflight 
operations experience and related field experience that can be used to achieve continuous 
improvement. They can provide a mechanism for feedback from operators of flight hardware to 
system designers to make the systems easier, safer, and less costly to operate. Also, they provide 
the design engineer with valuable information on the latest technology advances in the operations 
environment. These techniques also can serve as a communications tool for operations personnel, 
allowing for transfer of knowledge and enhancement of professional development. The techniques 
contained herein are the most up-to-date NASA operational processes, process improvements, and 
feedback to design engineers, all of which are dedicated to making NASA systems as maintainable 
and cost efficient as possible. 

Technique 

Engage in refurbishment activities to rebuild and prepare for reuse of 
the Solid Rocket Boosters (SRB's) after each Space Shuttle Orbiter 
launch. These refurbishment activities include: (1) inspection, (2) 
reworking of anomalies to specification, (3) material review board 
(MRB) acceptance or scrapping, (4) cleaning, (5) corrosion protection 
and prevention, (6) scheduled part replacement, (7) test and checkout, 
and (8) preparation for storage or return to flight buildup. 

Benefits 

Refurbishment of SRB components is cost effective and conserves 
resources. This allows for reuse of SRB's, thus saving money for the 
program versus building new SRB's for each launch. 

Key Words 

Refurbishment, Maintainability Design Criteria, Salt Water Protection, 
Galvanic Corrosion, Sealant, Electronic Component Vibration Testing 

Application Experience 

Space Shuttle Solid Rocket Booster (SRB), Space Shuttle Solid Rocket 
Motor (SRM). 

Technical Rationale 

Through the past decade of maintaining the SRB by refurbishing the 
structures and components, MSFC and its contractors have developed 
and implemented successful refurbishment specifications and procedures 
that have proven their effectiveness. For example, failure to adhere to 
the proven practice of refurbishing recovered hardware from salt water 
impact can result in unacceptable performance, scrapping of otherwise 
usable hardware, expenditure of unnecessary resources, and possible 
schedule delays. 

Contact Center 

Marshall Space Flight Center (MSFC) 

SRB Refurbishment Practices 
Technique OPS-1 

Solid Rocket Booster (SRB) Refurbishment 
encompasses the activities required to return 
the reusable SRB component to a 
flightworthy condition after SRB ignition, 
liftoff and flight; separation from the 
external tank; descent (free fall and 
parachute); ocean impact; and retrieval. 
When the decision was made to recover and 
reuse the SRB hardware, a design team was 
organized to formulate the maintainability 
criteria for a reusable booster. The SRB 
Flow Chart for Maintainability is shown in 
Figure 1. The maintainability design team 
produced the Solid Rocket Booster 
Maintainability Design Criteria Document [1], 
a document that was used by designers as 
they conceived each design feature, 
performed the necessary tradeoffs of the 
design parameters, and made other design 
and product engineering decisions. The 
design team included maintainability as a 
design goal and incorporated the desired 
maintainability features into components of 
the end item throughout the design process. 
Maintainability factors that were considered 
during the design of the SRB are shown in 
Table 1. 


Table 1. SRB Maintainability Factors 

1. Accessibility 

2. Commonality of Fasteners 

3. Electrical Subsystem Installation and 
Removal 

4. Thrust Vector Control (TVC) Subsystem 
Installation and Removal 

5. Ordnance Installation and Removal 

6. Markings and Color Coding 

7. Unitization of Subsystems 

8. Irreversibility of Connectors 

9. Tool and Equipment Design 

10. Spares Provisioning 


Design Process Considerations 
Table 2 lists typical maintenance actions that 
were considered during the design process. 
The SRB was designed to withstand launch, 
water impact, and towback environments, 
incorporating the capability of 10 flights for 
the parachutes; 20 flights for 
electrical/electronic components, Thrust 
Vector Control (TVC) components, and 
SRM components; and 40 flights for the 
structures. SRB structures are typically 
welded and/or mechanically fastened 
aluminum except for the external tank attach 
ring, which is mechanically fastened steel. 



Figure 1. SRB Flow Chart for Maintainability 

Table 2. Maintenance Actions 

1. Inspection 

2. Troubleshooting 

3. Calibration and Adjustment 

4. Repair 


All aluminum structural assemblies are first 
painted and then coated with an ablative 
insulation. The SRM segments are forged 
D6AC steel. All structural components are 
cleaned and/or alodined as appropriate, 
before being primed and top coated with 
paint. The mechanically fastened aluminum 
and steel structural components are designed 
to be protected from salt water intrusion by 
applying sealant between adjoining surfaces, 
installing the fasteners with sealant, torquing 
the fasteners, and applying a fillet of sealant 
along the edge of brackets where they join 
the main structure. The electronic/electrical 
components exposed to salt water are sealed, 
and the external surfaces of these 
components are painted. The TVC hydraulic 
system is a closed-loop system that does not 
permit the intrusion of sea water. The SRM 
segments' external surfaces are protected 
with an epoxy paint finish, and the internal 
surfaces are protected by the propellant 
insulator that is bonded to the inside surfaces 
of the SRM segments. Areas not protected 
with paint or bonded-on insulation are 
protected with a water-repellent grease. 

Specific Improvements 
Typical areas of the SRB that have been 
redesigned or modified as a result of trouble 
areas found during recovery and 
refurbishment are discussed below: 

1. Galvanic corrosion occurred in the aft 
skirt of the first few SRB's recovered. To 
prevent this from recurring, the design team 
added a zinc coating to selected metal 
components, and bolted anodes (zinc bars) 
to some components of the TVC system. 

2. The aft skirts of the first few SRB's 
experienced water impact damage. The 
corrective action included the addition of 
gusset reinforcements to the structural rings. 
Foam was sprayed on the interior of the aft 
skirt to protect the reinforcement rings and 
the TVC components. Impact force with the 
water was reduced by increasing the 
diameter of the main parachutes from 115 
feet to 136 feet. The larger parachutes 
decreased the SRB’s water impact velocity 
from 88 ft/sec to 75.5 ft/sec (60 mph to 51.5 
mph, respectively). 

3. During initial teardown and inspection, 
water and corrosion were found between the 
mating surfaces of structural members. To 
correct this problem, the sealant application 
specifications were modified to require the 
sealant to be applied to both surfaces before 
joining. 

4. To eliminate potential water entry into 
the forward skirt, the following areas were 
modified or redesigned: 

a. The aft seal on the forward skirt was 
changed from a rectangular to a “D” 
configuration to allow better contact 
between the forward skirt and the forward 
dome of the SRM. 

b. A fillet of sealant was added between 
the access door and the surrounding 
structure after final close-out of the 
forward skirt. 

c. Sealant was added to the mating 
surfaces and the installation bolts of the 
separation nut housing for the main 
parachute attach fittings. 

5. The following practices improved 

Typical Refurbishment Procedures 
Figure 2 depicts the SRB flight 
configuration. After approximately 125 
seconds into the Shuttle flight, the SRB's 
are jettisoned from the external tank. During 
reentry, the nose cap is jettisoned (it is not 
recovered), deploying the drogue parachute. 
After the SRB is stabilized in a vertical 
position, the frustum is jettisoned and 
descends into the ocean. Its descent is held 
to a safe velocity by the drogue parachute. 

In the meantime, the jettisoning of the 
frustum deploys the three main parachutes, 
lowering the remaining portion of the SRB 
into the ocean. Once in the ocean, the 
parachutes (which are jettisoned at water 
impact) and the frustum are removed by the 
recovery team and positioned onto the 
recovery vessel. A plug is inserted into the 
SRM nozzle throat and the SRB is 
dewatered. Removal of the water from the 
SRB allows the SRB to be positioned from a 
vertical position to a horizontal position. 

The SRB is then towed to the disassembly 
area dock. 

At dockside, the SRB is lifted from the water 
and placed on dollies. The SRB 
pyrotechnics are disarmed, the TVC fuel 
system is depressurized, and an assessment 
team inspects and documents anomalies that 
may have occurred during flight. Then the 
SRB is washed with a detergent solution in a 
semiautomated wash facility. The aft skirt is 
removed and routed to the TVC disassembly 
facility. Table 3 lists a typical flow sequence 
for major structure refurbishment. After the 
aft skirt is removed, the remainder of the 
SRB is routed to the disassembly facility. 

As the SRB components are removed, they 
are identified by attaching a metal tag with 
their part number and dispositioned per the 
Predisposition List for SRB Flight 
Hardware [2]. The SRB component is then 
routed to the refurbishment area where a 
prepared refurbishment procedure document 
is attached to the part. The part is reworked 
to conform to the Refurbishment 
Engineering Specification. This specification 
lists the requirements for refurbishing each 
component to flightworthy condition before 
it is returned to storage. 

Table 3. Typical Structure Refurbishment Flow 

1. Tow SRB from water impact area to dock. 
2. Remove SRB from ocean, rinse with potable water. 
3. Place SRB on transporter. 
4. Safe SRB Ordnance and Hydrazine Systems. 
5. Assessment Team Inspection. 
6. Wash SRB with detergent solution and rinse. 
7. Remove aft skirt assembly. 
8. TVC refurbishment facility. 
9. Remove TVC Components. 
10. Disassembly area: remove components. 
11. Critical dimension check. 
12. Thermal protection system removal, robotic hydrolaser. 
13. Inspect; Visual and NDE (XRAY and Ultrasonics). 
14. Rework, Touch-up paint (repaint every fifth use). 
15. Inspect and identify. 
16. Preflight storage. 

The SRM segments are disassembled in the 
disassembly facility at dockside, placed on 
rail cars, and transported to the SRM 
contractor located in Utah. At the 
contractor’s plant, the segments are 
off-loaded and routed to refurbishment areas. 

All segments that are to be reused must 
meet the requirements of specification 
STW7-2744 [3]. If segment dimensions fall 
outside the acceptable requirements of this 
specification, an individual analysis is 
required to determine the effect on the 
structural and sealing capability before 
reusability is determined. All documented 
nonconformances are reviewed to determine 
if the condition of the hardware has changed. 
The most critical areas to be reviewed are 
case membrane thickness, vent port and leak 
port threaded areas and sealing surfaces, and 
aft segment stiffener stubs. No surface 
defects (corrosion, pitting, scratches, 
noncrack-like flaws, etc.) deeper than 0.010 
inch are permitted. All segments are 
hydrotested to 1.125 times the Maximum 
Expected Operating Pressure and 
magnetic-particle inspected. 

Table 4. Types of Hardware That Have Been Successfully Refurbished 

1. Major Structures (Frustum, Forward Skirt, Aft Skirt, External Tank Attach (ETA) Ring, 
   Solid Rocket Motor (SRM) Segments, etc.) 
2. Electronic Components: Integrated Electronic Assembly (IEA), Integrated Receiver Decoder 
   (IRD), etc. 
3. Electrical Cables. 
4. TVC Components: Auxiliary Power Unit (APU), Hydraulic Pump, Hydraulic Reservoir, 
   Fuel Service Module (FSM), etc. 

Technique 

Protect the receptacles/plug ends of demated electrical connections with 
covers provided by the manufacturer or with generic plastic caps; if 
covers are unavailable, leave them in a downward-facing position. 

Benefits 

Moisture collects in the bag when the double-bag-and-seal method is 
used. This can lead to corrosion of the connector or possible electrical 
shock when the connector is reused. The use of plastic caps or 
manufacturer's covers will prevent moisture buildup, thus alleviating 
potential hardware damage or injury. 

Key Words 

Connector, Electrical 

Application Experience 

Space Transportation System (STS) 

Technical Rationale 

If the proper method of protection is not used when connectors are 
demated, there is the possibility of electrical shock to personnel 
connecting receptacles/plug ends, and increased surface corrosion rate 
due to environmental effects. 

Contact Center 

Kennedy Space Center (KSC) 

Electrical Connector Protection 
Technique OPS-2 

This practice can be implemented in two 
ways: 

• Provide instructions in operations and 
  maintenance documents for protecting 
  the connector after use. (A step should 
  be included to inspect the connectors 
  for corrosion/debris and provide 
  direction for corrosion/debris removal, 
  if necessary.) If ESD is a concern, do 
  not use generic plastic caps as they can 
  be ESD generators. ESD-approved 
  caps should be used. 

• Provide placard or tag on or near 
  connector, stating method to leave 
  connector after use. 

Reference 

KSC-DE-512-SM, Rev. B, Guide for Design 
Engineering of Ground Support Equipment. 

Technique 

When designing robotic systems for removal and application of thermal 
protection materials, pay close attention to support fixture indexing, 
precision positioning, optimum sequencing, and protection against 
robotic cell environmental conditions. By integrating proven hardware 
and software practices with equipment and facility design and operation, 
the effectiveness of robotic systems is ensured. 

Benefits 

Adherence to proven robot cell design and operational practices will 
result in improved consistency, speed, safety, precision, and reliability 
and increased cost-effectiveness of robotic systems over manual or 
semi-automated processes. 

Key Words 

Robot, robotic removal of insulation, robotic application of insulation, 
robot cell design, and robot operational practices. 

Application Experience 

Space Shuttle Solid Rocket Booster (SRB) 

Technical Rationale 

SRB refurbishment operations at KSC have resulted in the successful 
robotic insulation removal and application of 68 SRB aft skirts and 
other SRB elements. The facility schematic depicted in the description 
shows the SRB aft skirt in its most environmentally critical operation, 
insulation removal. This facility has been in operation for 5 years and, 
under routine maintenance, has been operational since its inception. 
Similar reliable operation has been experienced in the robotic 
application of insulation. 

Contact Center 

Marshall Space Flight Center (MSFC) 

Robotic Removal and Application of SRB Thermal Systems 
Technique OPS-3 

When the SRB is recovered from the ocean, 
disassembled for refurbishment, and reused 
on subsequent Space Shuttle flights, several 
layers of insulating materials and protective 
coatings must be removed and then 
reapplied. Experience has shown that the use 
of robotic systems for insulation removal 
and application will improve productivity in 
most operations by a factor in excess of 10 
to 1. Originally, the application of the SRB 
insulation was a semi-automatic operation. 
The nine ingredients (see Table 1) were 
measured by hand, placed in a large blender 
and mixer, and mixed to a uniform 
consistency required for spraying. This 
mixture was pressurized and delivered to the 
spray gun, which was attached to a pedestal 
mounted robot in the spray cell. The SRB 
structures were prepared by hand, i.e., 
sanded, cleaned, inspected, and areas masked 
that did not require insulation. The SRB 
structure was mounted on a portable 
turntable, which was coordinated with the 
operation of the robot and spray gun. Then 
the SRB structure and the turntable were 
positioned into the spray cell. A technician 
(with breathing air and protective equipment) 
was required in the spray cell during actual 
spraying to take thickness measurements, 
assist in unplugging the spray gun, and 
remove the wet insulation, if it did not meet 
specifications. The cured insulation had to 
meet a flatwise tensile test of 50 to 100 
pounds and a toleranced thickness 
requirement. Adjustments were made to the 
delivery system and the insulation reapplied 
until it met specifications. Preparation of the 
structure for spraying and insulation required 
many man-hours. 

Table 1. Ingredients in the SRB Insulation 

1. 2215 Adhesive parts A & B* 
2. Ground Cork 
3. Glass Ecco Spheres 
4. Phenolic Micro Balloons 
5. Chopped Glass Fibers 1/4 inch long 
6. Milled Glass Fibers 1/8 inch long 
7. Bentone 27 
8. Ethyl Alcohol 
9. Methylene Chloride/Perchloroethylene 

* The original adhesive that contained shell z Catalyst was a carcinogenic 

After automating and robotizing the 
application of the insulation, the insulation 
ingredients are automatically measured, 
blended, mixed, pressurized and delivered to 
the spray gun, which is mounted on a gantry 
robot. The gantry robot allows spraying 
inside the structures without the need to 
rotate the structure for access. The robot is 
programmed to automatically attach an end- 
effector to perform the following operations: 
sanding, cleaning, inspection, masking, 
spraying, and thickness measurements. 
Automating and robotizing the application of 
insulation eliminated the need for a 
technician in the spray cell and eliminated 
many man-hours of hand work. 

At the start of the SRB refurbishment 
program, the insulation was removed 
manually. This required a technician to 
manually hold a hydrolaser pressurized to 
8,000 to 10,000 psi. This created a 
backwash of 72 pounds force that the 
technician had to overcome using two 2-man 
crews rotated every 15 minutes. Any 
insulation left after this operation was 
removed by hand using nonmetallic chisels 
and mallets. Manual removal of the 
insulation from the two aft skirts required 
approximately 400 man-hours. 

Figure 1. Example Robot Facility: SRB Insulation Removal 
(labels: Robot Arm Position for External Insulation Removal (MSA-2); 
Robot Arm Position for Internal Insulation Removal (Insta-Foam)) 

Procedures for Robotic Removal 
Robotizing the removal of the insulation 
reduced the man-hours for two aft skirts to 
approximately 64 man-hours. The 
hydrolaser is mounted on a gantry robot 
which is located in the removal cell. The 
pressure to the hydrolaser has been 
increased to 12,000 to 15,000 psi. 
Technicians have been eliminated from the 
hazardous environment. The robot is 
controlled by computer. A turntable (also 
controlled by computers) is mounted flush 
with the floor. After removal of the 
insulation, the robot is programmed to clean 
the hydrolaser cell. 

Table 2 lists typical reasons for using 
an automated robot cell to apply and remove 
SRB insulation. Table 3 is a list of the 13 
best practices in the design of robotic 
systems for removal and application of 
insulation. The most predominant 
consideration was the high pressure water 
spray and debris environment encountered in 
the hydrolaser insulation removal process. 
Operational maintenance, as well as design, 
is important in maintaining a safe and 
efficient operation. Potable water is used to 
reduce corrosion in the pumps, valves, and 
lines. The use of de-ionized water should be 
considered in areas where the water has a 
high mineral content. Since the water used in 
the insulation removal process is recycled, 
the water must be filtered prior to reuse to 
prevent erosion and corrosion of pumping 
and spray equipment. 

Table 2. Typical Reasons for Using Robots 

1. Man out-of-the-loop for hazardous and 
   toxic environments. 
2. Efficient; robot does not get tired. 
3. Will do whatever it is programmed to do 
   and will do it repeatedly. 
4. Will handle various end effectors for 
   sanding, cleaning, inspection, spraying, 
   and thickness measurements. 

Table 3. Best Practices for Robotic Systems 

1. Gear specifications to the environment and the 
   application (i.e., adaption to a solvent or water 
   spray and debris-laden environment). 
2. Pay close attention to the ergonomics for operators 
   (i.e., convenience of controls, visibility, manual 
   override, and teaching procedures). 
3. Provide sufficient space in robotic facilities for 
   support equipment, mechanisms, personnel, and 
   operational control stations. 
4. Design-in automated shutdown to be activated in 
   the event of excessive flow, pressures, temperatures, 
   or inadvertent ingress of personnel. 
5. Consider the use of vision systems for alignment, 
   completion status, inspection, and thickness 
   measurements. 
6. Provide overload sensing and tactile feedback for 
   delicate operations. 
7. Retain manual capability for emergency and 
   backup operations. 
8. Establish precise automatic indexing of fixtures 
   with workpiece and robot to minimize setup time. 
9. Provide electrical grounding of all system elements. 
10. Purchase over-rated equipment. Use only 75% or 
    less of the capacity in the initial design to provide 
    growth potential and operational/maintenance 
    margins. 
11. Protect robot elements from solvents in the 
    environment to ensure continued robot lubrication. 
12. Train and use dedicated personnel for robotic 
    operations. 
13. Establish preventive maintenance requirements 
    during the design phase based on designed-in ease 
    of maintenance features (i.e., proper panel access, 
    calibration test ports, equipment clearances, etc.). 

For the SRB insulation system removal, the 
water is filtered to contain particles no 
greater than 5 microns. On a quarterly basis, 
or every 100 operating hours, high pressure 
water pumps are inspected and overhauled if 
necessary to repair or replace the pump 
head, pistons, or brass sleeves. Preventive 
maintenance is performed regularly. 

Facility Requirements 
A robotic facility of the type used for SRB 
insulation removal and application must 
allow operator visibility of the process 
and careful design for personnel safety and 
access provisions. During the noisy removal 
process, personnel within a 50 ft. radius are 
required to wear ear protection. Operators 
entering the area during or immediately after 
spray operations are required to wear 
protective suits with self-contained breathing 
apparatus to prevent inhalation or contact 
with toxic fumes. 

Facility design must be carefully coordinated 
with robot design and robotic operations 
planning. A concurrent engineering 
approach is desirable in the design of robotic 
systems to ensure use of the correct robot, 
operating in an optimally designed facility, 
for the target application. A team of 
engineers and technicians representing all 
applicable disciplines should be assigned full 
time to the project throughout design and 
operations. Three levels of drawings of the 
robot/facility complex representing: (1) 
components, (2) subsystems, and (3) the 
integrated system should proceed through 
30, 60, and 90 percent design reviews. 
Three-dimensional solid modeling 
simulations using computer-aided design 
techniques will dramatically speed up the 
design process. (See the MSFC Guideline 
titled, “Concurrent Engineering Guideline for 
Aerospace Systems,” in NASA TM 4322, 
"NASA Preferred Reliability Practices for 
Design and Test"). The facility must contain 
support equipment, pumping systems, 
material storage, control stations, and 
personnel dressing and clean-up. 

Particular attention should be paid to debris 
handling. Sloped concrete subfloors provide 
for easy debris collection and clean-up. 
Automated cell clean-up techniques should 
be considered for material removal 
operations. 

Special Design Considerations 
Robotic systems lend themselves to the 
effective application of automated 
emergency shutdown, automatic end-effector 
changeout, overload sensing, tactile 
feedback, and manual override. These 
features should be designed into the robotic 
system at the outset with participation of the 
robot vendor. Setup time can be minimized 
by providing pre-engineered or automatic 
indexing and relative positioning between the 
work piece, support tooling or equipment, 
and robot. While mechanical systems should 
be over-designed for extra margins of safety 
against wear and malfunctions, care should 
be taken not to grossly overdesign control 
system memory, particularly if a bubble 
memory is used. This could result in slower 
robot control system operation. 

References 

Automated Hydro Removal of TPS, Report # 
USB-ATG-003, USBI Booster Production 
Company, Inc., NASA/MSFC contract # 
NAS8-36300, January 1986. 

2. Loshe, Thomas: Hydrolyzing Operations 
in High Pressure Wash Facilities, 
Maintenance Manual # B8598, USBI 
Document Prepared for Kennedy Space 
Center, October 4, 1991. 

3. Loshe, Thomas: Solid Rocket Booster 
Thermal Protection Removal System 
Software Users Guide, Document # 10MNL- 
0044, United Technologies, USBI, April 2, 
1990. 

4. Babai, Majid: Robot Simulation and 
Manufacturing, Aerospace Engineering, 
SAE, October 1992, pp 11-13. 

5. Fertig, Alan R. and Tony S. Humble: 
Robots Refurbish Space Shuttle Hardware, 
TABES Conference Proceedings, Huntsville 
Association of Technical Societies (HATS), 
Huntsville, AL, 1987. 

6. Special Government Publications: 

MM B8601, Preventive Maintenance Gantry Robot and Controller 
MM B8604, Preventive Maintenance/Validation Robot End Effectors 
MM B8611, SRB Insulation Manufacturing Manual (Forward Assembly) 
MM B8616, SRB Aft Skirt Assembly-MSA-2 TPS Operations Manual 
MM B8630, MSA-2 Tunnel Cover Assembly Operations Manual 
STP 513, Cleaning Sprayable MSA-2 Insulation Spray 
STP 621, MSA Control Room Operation 
STP 622, Installation and Removal of Robot End Effector Adapters 
STP 634, Sprayable MSA-2 Insulation Control Room and Mix Operations 
TP 741, MSA-2 Spray System Preparation - ARF 
SESP (Safety Engineering Standard Procedure) 23405, Safety Requirements for Robot Systems 


GHe Purging of H2 Systems 
Technique OPS-4 

Prior to venting a hydrogen (H2) system, initiate a gaseous helium 
(GHe) sweep purge to evacuate air from the vent line. After venting 
operations are complete, initiate a second GHe sweep purge to evacuate 
the vent system of residual H2. Use a flapper valve or check valve on 
the vent line to prevent air intrusion into the line during low or 
intermittent flow conditions. 

Benefits 

This practice greatly reduces the possibility of a vent line fire and/or 
explosion during H2 venting operations. It is impractical to supply the 
large quantities of GHe required to create a non-flammable H2/He 
mixture during H2 venting operations. The upper flammability limit of 
a gaseous H2/air mixture is lower with no GHe present. This technique 
also provides substantial safety benefits. 

Key Words 

Purge, Hydrogen, H2, Helium, GHe 

Application Experience 

National Space Transportation System (NSTS) 

Technical Rationale 

Use of dilution purges when venting explosive gases such as hydrogen 
is not necessarily desirable. 

• Mixtures of H2/He do not become non-flammable until the 
  mixture is 91% He. 

• For "fuel rich" hydrogen/helium mixtures in air, the flammability 
  limit increases with increasing He content, until 85% He mixture 
  is obtained. 

Contact Center 

Kennedy Space Center (KSC) 

GHe Purging of H2 Systems 
Technique OPS-4 

This technique recommends initiating a GHe 
sweep purge to evacuate air from a vent line 
prior to venting a H2 system. After the initial 
venting operation is complete, a second GHe 
sweep purge should be conducted to 
evacuate the vent system of residual H2. The 
upper flammability limit of a gaseous H2/air 
mixture is lower with no GHe present (see 
Figure 1). A flapper valve or check valve 
used on the vent line will prevent air 
intrusion into the line during low or 
intermittent flow conditions. 

This practice should be included in all new 
systems operating procedures and changes 
initiated to applicable existing procedures. 

System design should be reviewed to include 
the following as recommended by NASA 
TM X-52454 (Lewis Research Center): 

• Include a check valve/flapper valve or 
  other suitable mechanism to exclude air 
  from vent stacks at low or intermittent 
  flow conditions. 

• Extend vent stacks 15 ft. above a 
  building roof. 

• Discontinue use of ordinary hydrocarbon 
  flame arresters which are incapable of 
  quenching a H2 flame. 

• Provide a minimum of a 3-volume 
  exchange (pulse purges) to sweep system 
  prior to introducing hydrogen. 

Five to 10 volume exchanges to purge a vent 
system is a commonly acceptable industry 
practice. 

Figure 1. Limits of Flammability-Mixtures of H2 and He 

Reference 

H. Hannah, LSOC 32-30, FCSS Hazardous 
Commodity Purge Study, dated September 
1991. 
Technique 

Use solid state Programmable Logic Controllers (PLC's) in 
system/equipment design to control and monitor systems and processes. 

PROGRAMMABLE LOGIC CONTROLLERS 

Use of programmable logic controllers results in ease of 
maintenance through modularity, replaceability, and ability to 
troubleshoot. 

Benefits 

System/equipment design using PLC's is a prime example of the 
application of maintainability design objectives. PLC's are designed 
with ease of maintenance and troubleshooting as a major function. 

When virtually all components are solid state, maintenance is reduced to 
the replacement of a modular, plug-in type component. Fault detection 
circuits and diagnostic indicators, incorporated in each major 
component, can tell whether the component is working properly. With 
the programming tool, any programmed logic can be viewed to see if 
input or outputs are on or off. 

Key Words 

Controller, Programmable 

Application Experience 

Space Transportation System (STS), Facilities and Ground Support 
Systems. 

Technical Rationale 

Conventional relay-based control systems are more subject to failure 
and cannot handle complex processing as efficiently as PLC's. Use of 
PLC's in system design will reduce failure rates and subsequent 
downtime, ultimately saving a program money. 

Contact Center 

Kennedy Space Center (KSC) 
Programmable Logic Controllers 

PLC's provide control capabilities not possible in the past. Control 
systems incorporating programmable controllers are now able to operate 
machines and processes with an efficiency and accuracy never before 
achievable with conventional relay-based control systems. Usually, PLC 
architecture is modular and flexible, allowing hardware and software 
elements to expand as the application requirements change. If an 
application outgrows the limitations of the PLC, the unit can easily 
be replaced with a unit having greater memory and input/output 
capacity, and the old hardware can be reused for a smaller 
application. 

PLC attributes make installation easy and cost effective. Their small 
size allows PLC's to be located conveniently, often in less than half 
the space required by an equivalent relay control panel. On a small 
scale changeover from relays, the PLC's small and modular construction 
allows it to be mounted near the relay enclosure and pre-wired to 
existing terminal strips. Actual changeover can be made quickly by 
simply connecting the input/output devices to the pre-wired terminal 
strips. Table 1 lists some features available and benefits of PLC's. 

In large installations, remote input/output 
stations are placed at optimum locations. 

The remote station is connected to the 
processor by a pair of twisted wires. This 
configuration results in a considerable 
reduction of material and labor cost that 
would have been associated with running 
multiple wires and conduits. 

PLC Components and Operation 

PLC's, regardless of size, complexity, or cost, contain a basic set of 
parts. Some of the parts are hardware; others are software or 
programs. Figure 1 identifies the basic parts of the PLC. In addition 
to a power supply system and a housing that is appropriate for the 
physical and electrical environment, PLC's consist of the following 
parts: an input interface, central processor unit (CPU), memory 
section, programming language, programming tool, and an output 
interface. 

Table 1. Typical Programmable Logic Controller Features/Benefits 

Features                                Benefits 

Solid State Components                  High reliability 

Programmable Memory                     Simplifies changes 
                                        Flexible control 

Small Size                              Minimal space requirements 

Microprocessor Based                    Communications capability 
                                        Higher level of performance 
                                        Higher quality products 
                                        Multi-function capability 

Software Timers/Counters                Eliminate hardware 
                                        Easily changed presets 

Software Control Relays                 Reduced hardware wiring costs 
                                        Reduced space requirements 

Modular Architecture                    Installation flexibility 
                                        Easily installed 
                                        Hardware purchases minimized 
                                        Expandability 

Variety of I/O Interfaces               Controls variety of devices 
                                        Eliminates custom control 

Remote I/O Stations                     Eliminates long wiring conduit runs 

Diagnostic Indicators                   Reduced troubleshooting time 
                                        Proper operation of signal 

Modular I/O Interface                   Neat appearance of control panel 
                                        Easily maintained 
                                        Easily wired 

Quick I/O Disconnects                   Service w/o disturbing wiring 

All System Variables Stored in Memory   Useful management/maintenance 
                                        Data can be output 

Figure 1. Parts of a Programmable Controller (block diagram labels: 
Signals From Process, Signals to Process) 

The Input Interface provides connection to 
the machine or process being controlled. 
The principal function of the interface is to 
receive and convert field signals into a form 
that can be used by the central processing 
unit. 


The Processor and Memory provide the main 
intelligence of the PLC. Fundamental 
operating information is stored in memory as 
a pattern of bits that is organized into 
working groups called words. Each word 
stored in memory is either an instruction or 
piece of data. The data may be reference 
data or a stored signal from the process that 
has been brought in through the input 
interface. The operation of the processor 
and memory of the PLC can be described as 
a fairly simple repetitive sequence: 
1. Look at the process being controlled. 
This is accomplished by examining the 
information from the input interface. 

2. Compare the information with control 
information supplied by and stored in the 
program. 

3. Decide whether any control action is 
needed. 

4. Execute the control action by 
transmitting signals to the output 
interface. 

5. Look again at the inputs. 

The processor continually refers to the 
program stored in memory for instructions 
concerning its next action and for reference 
data. 

The Output Interface takes signals from the 
processor and translates them into forms that 
are appropriate to produce control actions by 
external devices. 

The Program and Program Language. The 
program is written by the user and stored in 
the PLC. The program is a representation of 
the actions that are necessary to produce the 
desired output control signals for a given 
process condition. The program includes 
sections that deal with bringing the process 
data into the controller memory, sections 
that represent decision making, and sections 
that deal with converting the decision into 
physical output action. Programming 
languages have many forms. Early versions 
were restricted to match the conventions of 
relay logic which consisted of ladder 
diagrams that specified contact closure types 
and coils. This type of program consists of a 
representation of a relay logic control 
scheme. The relay ladder language types are 
still popular. Alternative languages use 
Boolean representation control schemes as 
the base of the computer representation. 


The Programming Tools provide connection 
between the programmer and the PLC. The 
programmer devises the necessary control 
concepts and then translates them into the 
particular program form required by the 
selected PLC. The tool produces the pattern 
of electrical signals that corresponds to the 
symbols, letters, or numbers in the version of 
the program that is used by humans. 
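
Added example (not part of the original NASA text): the five-step 
processor sequence and a relay-ladder program of contacts and coils, 
simulated in Python. The class names, the tag names (START, STOP, 
MOTOR, RUN_LAMP) and the start/stop seal-in circuit are illustrative 
assumptions and do not come from any particular PLC product. 

```python
"""Toy PLC: repeated scan cycle evaluating relay-ladder rungs (illustrative)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Contact:
    """One ladder contact; it tests a single bit held in PLC memory."""
    tag: str
    normally_open: bool = True  # False models a normally-closed contact

    def conducts(self, image):
        state = image.get(self.tag, False)
        return state if self.normally_open else not state


@dataclass(frozen=True)
class Rung:
    """Parallel branches (OR) of series contacts (AND) driving one coil."""
    branches: tuple
    coil: str

    def evaluate(self, image):
        return any(all(c.conducts(image) for c in branch)
                   for branch in self.branches)


@dataclass
class ToyPLC:
    program: list                                # stored program (list of rungs)
    image: dict = field(default_factory=dict)    # memory: stored signals, coil bits
    outputs: dict = field(default_factory=dict)  # states sent to the output interface

    def scan(self, field_inputs):
        # Step 1: look at the process by copying field signals into memory.
        self.image.update(field_inputs)
        # Steps 2 and 3: compare against the stored program and decide,
        # rung by rung, top to bottom. A later rung sees earlier coil results.
        for rung in self.program:
            self.image[rung.coil] = rung.evaluate(self.image)
        # Step 4: execute by transmitting coil states to the output interface.
        self.outputs = {r.coil: self.image[r.coil] for r in self.program}
        # Step 5 (look again at the inputs) is simply the next call to scan().
        return dict(self.outputs)

    def monitor(self):
        """Programming-tool style view: every stored bit shown as ON or OFF."""
        return {tag: "ON" if bit else "OFF"
                for tag, bit in sorted(self.image.items())}


# Constructed program: start/stop seal-in circuit plus a run lamp.
# STOP is True while the stop button is pressed (assumption of this example).
MOTOR_PROGRAM = [
    Rung(branches=((Contact("START"), Contact("STOP", normally_open=False)),
                   (Contact("MOTOR"), Contact("STOP", normally_open=False))),
         coil="MOTOR"),
    Rung(branches=((Contact("MOTOR"),),), coil="RUN_LAMP"),
]


def run_sequence(plc, snapshots):
    """Run one scan per input snapshot and collect the output states."""
    return [plc.scan(snapshot) for snapshot in snapshots]


if __name__ == "__main__":
    plc = ToyPLC(MOTOR_PROGRAM)
    # Constructed input history: idle, start pressed, start released,
    # stop pressed, stop released.
    history = [
        {"START": False, "STOP": False},
        {"START": True, "STOP": False},
        {"START": False, "STOP": False},
        {"START": False, "STOP": True},
        {"START": False, "STOP": False},
    ]
    for number, outputs in enumerate(run_sequence(plc, history), start=1):
        print(f"scan {number}: {outputs}")
    print("monitor:", plc.monitor())
```

The MOTOR coil stays on after START is released because the second 
branch of its rung reads the MOTOR bit written on the previous scan. 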

Process Improvements 

The use of control and monitor equipment with the benefit of a PLC 
could lead to: 

• Increased system availability 

• Decreased downtime requirements to recover from a failure 

• Decreased cost in materials and man-hours for installation 

• Increased system visibility 

• Increased flexibility to meet new requirements. 

Reference 

National Technology Transfer Inc. (PLC 
Seminar, Aurora, Colorado, 1992) 


DC Drive - Solid State Control 
Technique OPS-6 


Technique 

During the design of new (or upgrades to) motor generator set type DC 
drives, consider the use of solid state assemblies for control 
functions. 

Benefits 

Use of solid state controls instead of magnetic amplifiers can improve 
system restoration time in the event of a failure. Features such as 
fault detection, modular construction, and packaging can be easily 
employed. Diagnostics for system health status and problem resolution 
can also be readily provided. Incorporation of these features can 
result in improved system performance and availability. 

Key Words 

Solid State Assemblies, System Restoration, Maintainability, 
Performance, Availability 

Application Experience 

National Space Transportation System Shuttle Ground Support Systems. 

Technical Rationale 

At KSC the 175- and 250-Ton Bridge Cranes in the Vehicle Assembly 
Building (VAB) were using metadynes (electromechanical rotating 
amplifiers) for control function. The metadyne had a long history of 
maintenance problems because of brush wear, contamination and 
corrosion. It required extensive pre-operation maintenance attention to 
support Shuttle processing. In addition, the metadyne units often 
required maintenance during processing operations impacting 
processing schedules. KSC replaced the metadynes with solid state 
controller units resulting in decreased maintenance actions including 
pre-operation maintenance and improved system performance and 
availability. Fault isolation and removal and replacement of failed 
components is easier and less time consuming. Since failures occur at a 
less frequent rate, the need for numerous operating spares is reduced. 
Furthermore, the "off equipment" in-shop maintenance of failed units 
requires much less time and money to effect a repair. Reduced 
maintenance and downtime allow for the crane to be ready and 
operating to support Shuttle processing in a more timely manner. 

Contact Center 

Kennedy Space Center (KSC) 
The use of solid state assemblies for control 
functions represents a great improvement 
over previous control methods. Historically, 
the first method of obtaining adjustable 
speed using DC motors was the constant 
potential DC supply using field adjustment. 
This provided a small range of adjustment. 
This method was followed by the rotating 
M-G system of Ward Leonard patented in 
the 1890's. This drive used an AC motor 
driving a DC generator to convert AC to DC 
power. The motor and generator may be 
combined in a single frame and use a 
common shaft or separate coupled units 
(see Figure 1). The output DC voltage is 
controlled by adjusting the field excitation of 
the DC generator. Depending on the 
accuracy required, armature voltage or a 
tachometer may be used as a feedback signal 
in a closed loop system. An important 
aspect of this drive is that power flow is 
reversible. The motor acts as a generator, 
driving the generator as a motor, which 
drives the AC motor which then pumps 
power back into the AC lines. This ability, 
called regeneration, is a useful feature in 
decelerating large inertias or holding back 
overhauling loads. This is a very important 
consideration when replacing the M-G with a 
conventional packaged silicon-controlled 
rectifier (SCR) drive. 

In the late 1940's, electronic tube drives 
began to replace M-G drives. These used 
vacuum, thyratron, excitron, or ignitron 
tubes for armature circuit control. They had 
limited acceptance because of tube life limits 
and water cooling requirements on larger 
ratings. By the early 1960's the tubes were 
replaced with the solid state thyristor drives. 
Magnetic amplifier drives were developed in 
the mid-1950's when silicon diodes became 
popular. They were never as widely used 
because of difficulties of reactor design and 
acceptable response rate. However, they 
were rugged and highly reliable once in 
satisfactory operation. 

During the early 1960's the thyristor or SCR 
became readily available. This device is 
similar in operation to a thyratron tube. 
Today it dominates the direct current drive 
field. Special circuits enable the SCR to 
regenerate and reverse readily. Larger and 
less expensive SCR's have extended the 
range to well over 1000 HP. Figure 2 
illustrates a controlled rectifier drive. Note 
that the gating control and SCR bridge have 
replaced the M-G set of Figure 1, resulting in 
reduced rotating machinery. 

Solid State Operation 
Figure 3 shows the assemblies comprising a 
solid state control system for DC drives. A 
single phase thyristor power converter 
supplies up to 200 volts positive or negative 
at 20 amperes to the generator field. A 
closed-loop controller (speed regulator) 
provides for armature voltage with IR drop 
compensation or AC/DC tachometer 
feedback speed control and linear 
acceleration and deceleration. A firing 
circuit provides an isolated gate drive to the 
power converter. A bi-directional adapter 
used in conjunction with the firing circuit 
assembly provides bi-directional current to 
the field of a DC generator for contactorless 
reversing or to regulate to zero output 
voltage in the presence of residual 
magnetism of the DC generator. Protective 
circuitry includes a voltage sensing relay for 
safety interlocking and an isolator for 
isolated armature current feedback. 

References 

1. KSC Electrical Drawing for VAB 250 
Ton Cranes, 250-69-K-L-11388. 

2. KSC Electrical Drawing for VAB 175 
Ton Crane, 175-67-K-L-11348. 

Figure 3. M-G Control-Reversing Simplified Schematic Motor Generator 
Technique 

During the design of new or modifications to existing systems requiring 
motor speed control, consider the use of alternating current (AC) 
variable frequency drive systems for motor control. 

AC - VARIABLE FREQUENCY DRIVE SYSTEMS 

AC variable frequency drive systems for motor speed control offer 
advantages over other mechanical methods 

Benefits 

AC variable frequency drive systems for motor speed control offer 
several advantages over systems that use DC or AC motors coupled 
with mechanical devices (clutches and pulleys) to achieve motor speed 
control. These advantages enhance system maintainability resulting in: 

• Improved system maintainability, reliability, and performance. 

• Reduction of preventive and corrective maintenance (manhours 
and materials) by elimination of mechanical devices. 

• Increased system availability. 

• Self-contained diagnostic test capability. 

• Reduced size and mechanical complexity. 

• Reduced life cycle costs. 

Key Words 

AC Variable Frequency Drive, System Performance, Availability 

Application Experience 

Launch Complex 39A & B, Main Propulsion System, Liquid Oxygen 
Subsystem 

Technical Rationale 

Variable frequency drive systems are installed at the Shuttle launch pads 
at KSC. The system allows for a direct coupling between the main 
propulsion system liquid oxygen pump and drive motor. This eliminates 
the motor clutch system, a high maintenance item, and gaseous nitrogen 
lines used to purge the clutch system. 

Contact Center 

Kennedy Space Center (KSC) 



AC - Variable Frequency Drive Systems 
Technique OPS-7 

The use of AC variable frequency drive 
systems provides greater efficiency for motor 
speed control than mechanical devices with 
DC or AC motors. AC variable frequency 
drive systems allow for direct coupling and 
eliminate the need for mechanical devices 
such as clutches and pulleys. Elimination of 
these mechanical devices results in decreased 
maintenance downtime and repair costs. 
Adjustable speed AC drives also offer many 
advantages over DC drives because of 
simplicity, high-speed capability, and low 
maintenance requirements of induction 
motors. These motors are suitable for 
adverse conditions such as dirty air, 
explosive atmospheres, and inaccessible 
locations. 

Components 

Typically, an adjustable frequency drive 
system for an AC induction motor will 
consist of a converter module, DC link 
module, and inverter module. The following 
is a description of an adjustable frequency 
drive system. The configuration shown and 
the type of control scheme used classify the 
drive as a current source inverter type. 

Figure 1 illustrates three fundamental steps 
used in converting the AC input into a 
variable AC output. 

The converter module can be thought of as a 
programmable DC voltage source where the 
three AC input lines are rectified by silicon 
controlled rectifiers (SCR's) to provide a 
variable DC output. An SCR can be thought 
of as a controlled rectifier or switch that lets 
current flow in the forward direction when 
gated or opened. Then it cannot shut off 
again until the flow reverses or ceases. At 
this point the SCR regains its forward 
blocking capability until gated again. 


The control circuitry in the drive turns the 
SCR's on 60 times per second to obtain the 
desired current flow. Each time a new SCR 
is gated, it then forces a previous one to shut 
off. If it is necessary to turn off all the 
SCR's, all gate signals are removed and the 
SCR's are then turned off naturally when the AC 
input voltage is reversed. 


The DC link module is so called because it is 
a device that connects the inverter and 
converter modules. Electronically it is an 
inductor or choke that filters the output of 
the converter module and provides a more 
uniform flow of current to the inverter 
module. Since the inductor tries to maintain 
a constant flow of current through it, this 
allows the voltage source converter to 
function as a current source to the inverter 
module. 

The inverter module takes the filtered DC 
from the DC link module and converts it 
back to AC. Here the SCR's are gated, one 
after the other, steering this DC into and out 
of each of three input lines to the motor. 

The faster the SCR's are fired, the faster the 
motor turns. Since the AC line is not present 
here, external commutating capacitors are 
used to ensure that each time a new SCR is 
fired, an old or previously conducting one is 
shut off. 

Drive Operation 

The following paragraphs briefly discuss 
some of the characteristics of the drive: 

a. Output voltage and current normally 
delivered to a motor from the AC input line 
are both sinusoidal. This is not true when 
operating the motor from a current source 
inverter (see Figure 1). The voltage 
waveform is closely sinusoidal with 
disturbances called commutation spikes. The 
output current is a high quality quasi-square 
waveform. The current source inverter 
makes no attempt to define the shape of the 
output motor voltage. The output voltage is 
simply a result of the current and rotation of 
the motor. The shape of the current 
waveform is defined and its level is increased 
or decreased to obtain the required voltage. 
Stated more simply, the control circuitry 
contains an inner current regulator loop with 
an outer voltage regulator loop that ensures 
that the proper current and voltage are 
supplied to the motor. 

Figure 1. Simplified Adjustable Speed Drive 


b. Crowbar: Since during normal operating 
conditions the DC link or choke is carrying a 
large current, which implies a large amount 
of stored energy, it is worth discussing what 
happens should the input or output to the 
drive be suddenly disconnected. The 
inductor would normally develop whatever 
voltage is needed to maintain the constant 
flow of DC. To mitigate the danger of these 
damaging voltage levels, protective circuits 
are incorporated within the drive to provide 
a path for this DC. The protective schemes 
are based on the capability of both the 
inverter and converter modules to provide a 
path for this current by firing two series 
SCR's in the converter and inverter modules, 
thus generating a direct short circuit path 
through which the current trapped in the 
inductor may flow. The process of firing 
these SCR's to provide a current path is 
called "crowbar." 

c. Output clamp: With an abrupt loss of 
load, the protective mechanism operates as 
follows. The inverter output leads to the 
motor are equipped with a device called an 
"output clamp." If the motor is abruptly 
disconnected, the output current from the 
inverter will transfer to this clamp circuit 
until its level hits 950 volts DC. At this 
point, the control circuitry will force a 
"crowbar" and shut off the converter 
module. This prevents any further increase 
in output voltage; an orderly shutdown is 
performed. 

d. Commutation: Commutation is a process 
by which an SCR is forced out of a 
conducting state by reverse biasing. Two 
types of commutation normally occur in the 
power circuit, natural and forced. 

e. Regeneration: The SCR converter is a 
two-quadrant device capable of accepting 
power from the DC bus and returning it to 
the line when the DC bus potential is 
negative. This capability makes the current 
source inverter one of the few inverter types 
that are inherently regenerative without 
excessive circuit complication. 

f. Low speed cogging: Each commutation 
in the inverter module causes the current 
flow to the motor to be abruptly stopped in 
one phase and started in another. This action 
forces the motor to turn one-sixth of a 
rotation on a 2-pole machine, one-half on a 
4-pole machine, etc. This explains why, at 


very low speeds, the motor appears to move 
in discrete steps rather than smoothly rotate. 
At a frequency of 1 Hertz, for example, a 
two-pole machine would perform one 
complete rotation in six distinct steps at a 
rate of six steps per second. This effect is 
reduced depending on the inertia of the 
connected load. The visual effect completely 
disappears at speeds above a few Hertz. 

References 

1. KSC Electrical Advanced Schematic 
Drawing 79K06382. 

2. KSC Electrical Advanced Schematic 
Drawing 79K40029. 
Technique 

During new design or upgrades to existing transmission systems, 
consider the use of fiber optic systems in place of metallic cable 
systems. 

FIBER OPTIC SYSTEMS 

Use of fiber optics provides characteristics and maintenance advantages 
over metallic cable 

Benefits 

Properly designed fiber optic transmission systems will last for long 
periods of time without any preventive maintenance and can offer 
reduced maintenance downtime and repair costs. Well-built optical 
transmission lines and couplers are relatively immune to electromagnetic 
interference, adverse temperature, and moisture conditions and can be 
used for underwater cable. An optic fiber can be 20 times lighter and 
five times smaller than copper wire and still carry far more energy. 

Using fiber optic control circuits provides electrical isolation for safety 
in hazardous environments. Because optical cables carry no current 
they are safe to use in explosive environments and eliminate the hazards 
of short circuits in metal wires and cables. 

Key Words 

Fiber Optics, Maintainability 

Application Experience 

Kennedy Space Center Ground Support Systems (e.g., Launch 
Processing System, Ground Communications System). 

Technical Rationale 

Fiber optics can enhance the transmission quality, capacity, and safety 
environment of the system. The system designer should carefully 
weigh the pros and cons of fiber optics vs. copper, microwave, or 
satellite for the transmission medium. Optical fiber, if cabled and 
installed properly, will last for years without any preventive 
maintenance. Reliability of optical cable is very good, and will enhance 
system availability, minimize downtime for maintenance, and reduce 
repair costs. 

Contact Center 

Kennedy Space Center (KSC) 
Components and Operation 
The basic elements found in fiber optic 
systems are a transmitter, fiber optic cable, 
receiver, and connectors. Figure 1 illustrates 
the main parts of a fiber optic system. The 
following is a brief description of these 
elements and their function: 

• The Transmitter converts an electrical 
signal to a light signal. The transmitter 
consists of a driver and a source. The 
input to the driver is the signal from the 
equipment being served. The driver circuit 
changes the input signal into a form 
required to operate the source. The 
source, either a light-emitting diode (LED) 
or laser diode, does the actual conversion. 

• The Fiber Optic Cable is the medium for 
carrying the light signal. The main parts of 
a fiber cable are the optical fiber, cladding, 
buffer jacket, buffer, strength members, 
and jacket. Figure 2 illustrates the main 
parts of a single fiber cable. The optical 
fiber contains two concentric layers called 
the core and the cladding. The inner core 
is the light-carrying part. The surrounding 
cladding provides the difference in 
refractive index that allows total internal 
reflection of light through the core. The 
buffer is the plastic coating applied to the 
cladding. 

Cable buffers are one of two types, loose or 
tight. The loose buffer uses a hard plastic 
tube having an inside diameter several times 
that of the fiber. One or more fibers lie 
within the buffer tube. The tube isolates the 
fiber from the rest of the cable and the 
mechanical forces acting on it. The buffer 
becomes the load bearing member. As the 
cable expands and shrinks with changes in 
temperature, it does not affect the fiber as 
much. A fiber has a lower temperature 
coefficient than most cable elements, 
meaning that it expands and contracts less. 
The tight buffer has a plastic directly applied 
over the fiber coating. 

This construction provides better crush and 
impact resistance; however, it does not 
protect the fiber as well from stresses of 
temperature variations. Because the plastic 
expands and contracts at a different rate than 
the fiber, contractions caused by variations in 
temperature can result in loss-producing 
microbends. Tight buffers are more flexible 
and allow tighter turn radii. Therefore, tight 
tube buffers are useful for indoor 
applications where temperature variations 
are minimal and the capability to make tight 
turns inside walls is desired. 

Strength members add mechanical strength 
to the fiber cable. The most common 
strength members are Kevlar Aramid yarn, 
steel, and fiberglass epoxy rods. During and 
after installation, the strength members 
handle the tensile stresses applied to the 
cable so that the fiber is not damaged. 

Kevlar is most commonly used when 
individual fibers are placed within their own 
jackets. Steel and fiberglass members find 
use in multi-fiber cables. Steel offers better 
strength than fiberglass, but may not be the 
best choice for maintaining an all dielectric 
cable. Steel also attracts lightning, whereas 
fiber does not. The jacket, like wire 
insulation, provides protection from the 
effects of abrasion, oil, ozone, acids, alkali, 
solvents, etc. The choice of jacket material 
depends on the degree of resistance required 
for different influences and costs. 

• The Receiver accepts the light signal and 
converts it back to an electrical signal. The 
receiver contains a detector, amplifier, and 
an output section. The amplifier enhances 
the attenuated signal from the detector. 
The output section performs many 
functions such as: separation of the clock 
and data, pulse reshaping and timing, level 
shifting to ensure compatibility (TTL, 
ECL, etc.) and gain control. 

• Connectors and splices, which link the 
various components of a fiber optic 
system, are vital to system performance. A 
connector is defined as a disconnectable 
device used to connect a fiber to a source, 
detector, or another fiber. It is designed to 
be easily connected and disconnected many 
times. A splice is a device used to connect 
one fiber to another permanently. 
Connection by splices and connectors 
couples light from one component to 
another with as little loss of optical power 
as possible. The key to a fiber optic 
connection is precise alignment of the 
mated fiber cores (or spots in single-mode 
fibers) so that nearly all the light is coupled 
from one fiber across the junction to the 
other fiber. Contact between the fibers is 
not required. However, the demands of 
precise alignment on small fibers create a 
challenge to the designer of the connector 
or splice. 

Maintainability design features that should be 
addressed in the design for fiber optic 
systems should provide for fault localization 
and isolation, modular replacement, and 
built-in test and check-out capability. 

Improvements 

Fiber optics systems offer many benefits. In 
sensing systems, sensitive electronics can be 
isolated from shock, vibration, and harsh 
environments, resulting in more economical 
packaging. The number of repeaters 
required for low attenuation cable is less than 


with conventional systems and for short 
hauls of less than 10 km, no repeaters are 
necessary. In the absence of electrical 
current, the life of a fiber optic system's 
components equals the useful life of the 
control system, the light source, and the 
electronics. Maintenance and repair costs 
are reduced dramatically. Installation costs 
of fiber optic cables are lower than metal 
cables because the shipping and handling 
costs are about one-fourth and labor costs 
one-half that of current metal cables. 

References 

1. RADC-TR-88-124, Impact of Fiber 
Optics on System Reliability and 
Maintainability, June 1988. 

2. RADC-TR-80-322, Failure Rates for 
Fiber Optic Assemblies, October 1980. 

3. AWP, Technician's Guide for Fiber 
Optics, 1987. 

Figure 1. Basic Fiber Optic Link 

Figure 2. Parts of a Fiber Optic Cable 

Use a separate, hand-operated, spring-loaded, vented regulator in 
pneumatic system designs to provide reference pressures for pilot 
controlled pressure regulators. Specify application in system/equipment 
specifications, requirements documents, and design policies and 
practices. 


PNEUMATIC SYSTEMS - 
PILOT-CONTROLLED PRESSURE 
REGULATOR LOADING 

Use vented pressure regulators for 
maintainability of pneumatic systems 





Benefits 

Design of pneumatic systems using vented pressure regulators offers 
the following maintainability advantages: 

• Requirement for a separate relief valve in the pilot-loading circuit is 
eliminated. 

• Logistics support requirements (materials, parts, tools) are 
decreased by elimination of additional relief valves. 

• System availability is increased by elimination of additional 
components and their maintenance/downtime requirements. 

• Elimination of components enhances maintainability and increases 
reliability. 

• Overall life cycle costs are improved by decreased maintenance and 
downtime requirements, and increased system availability. 

Key Words 

Pneumatic, Regulator, Pressure 

Application Experience

Apollo, National Space Transportation System (STS), Pneumatic 
Ground Support Systems 

Technical Rationale

When pneumatic system requirements mandate the use of pilot operated 
pressure regulators, the use of vented pressure regulators to supply 
reference pressure is mandatory. This reduces the system component 
count and associated logistics requirements. 

Contact Center 

Kennedy Space Center (KSC) 
Pneumatic Systems - Pilot-Controlled
Pressure Regulator Loading

Pressure in pneumatic systems must be
controlled. Primary points of control are
downstream of the source (compressor) and
the system receiver (tank). Control of
pressure is required downstream of the
compressor for system safety and
downstream of the receiver to maintain a
steady pressure source for efficient operation
of other system components. Pneumatic
systems use pressure regulators to provide
this control. For those systems using
standard dome-loaded (pilot-operated)
regulators, this practice requires use of a
separate vented regulator for loading the
pilot-operated regulators. Figure 1 shows a
regulator system with separate relief valves.

A venting type regulator limits downstream 
pressure to a level lower than that of the 
upstream (receiver) pressure. It also acts as 
a relief valve for its leg of the circuit in the 
event of pressure build up. This method 
eliminates the need for a separate relief valve 
in the dome-loading circuit. Figure 1 also 
shows an example of a vented system which 
illustrates this method. 


References 

1. KSC-SD-Z-0005A, Standard for Design
of Pneumatic Ground Support Equipment.

2. Parker-Hannifin Corp., Bulletin 0225-B1,
Fluid Power.
Figure 1. Examples of Non-Vented and Vented Regulator Systems (Schematics)
Technique

Incorporate modular, fault tolerant power switching devices in new
system designs and system upgrades. Specify application in
system/equipment specifications, requirements documents, and design
policies and practices.



Benefits

Miniaturizing conventional electronic components and assembling
them in convenient groupings provides the following benefits:

• More efficient base of maintenance can be achieved. 

• Logistics support requirements (materials, parts, etc.) are reduced by 
stocking modules as opposed to piece parts. 

• Keeping modules at lowest level of maintenance (throw-away) will 
minimize the requirements for sophisticated test equipment and highly 
skilled technicians. 

• Modular design will result in improved fault detection by isolating the 
problem at the module level instead of at the piece part level. 

• Module design can be sized to accommodate various loads. 

• Sealed modules provide increased environmental protection. 

Key Words

Power, Switching, Modular

Application Experience

National Space Transportation System

Technical Rationale

Incorporation of the technique will achieve the goal of avoiding high
maintenance costs from premature failure of hardware due to moisture
or sand intrusion and other severe environmental conditions. Shuttle
program operations around the world have shown that this switchover
device has been extremely reliable even under conditions that are
normally detrimental to electrical equipment.

Contact Center

Kennedy Space Center (KSC)
Modular Automated Power Switching Device

Technique OPS-10

This technique recommends providing 
modular, single-fault tolerant, power 
switching devices that enhance ease of 
maintenance and expedite system restoration. 

Application 

The design of lighted visual Landing Aids
presently installed at several Space Shuttle
landing sites around the world specified that
the Ball/Bar lights for the Inner Glideslope
must be powered by a primary and backup 
power source with automatic switchover in 
the event of primary source failure. The 
Reliability/Maintainability Engineers had to 
ensure the system would not prematurely fail 
and that the switchover mechanism was 
relatively inexpensive, self-contained, and 
easy to install/maintain. As a result of this 
effort, the modularized automated power 
switching device was developed and 
implemented (see Figure 1). 

Failure to utilize this technique could result 
in excessive cost if commercial Automatic 
Transfer Switches are utilized instead. The 
Ball/Bar light system is critical to Shuttle 
landing operations. These systems must be 
up and operational prior to a Launch 
Commit decision. Failure prior to launch 
could result in a very costly delay to the 
Shuttle program. 

References 

1. NSTS 07700, Vol. X, Space Shuttle 
Flight & Ground System Specification, Rev. 
J, June 14, 1990. 

2. KSC Drawing No. 80K52361, Automatic 
Transfer Switch Wiring Diagram for 
Ball/Bar Lights. 
• IF K1A OR K1B FAILS OPEN - K2 DROPS OUT CAUSING THE BACK-UP POWER
SUPPLY TO COME ON LINE.

• IF THE PRIMARY POWER SUPPLY FAILS - K2 DROPS OUT CAUSING THE BACK-UP
POWER SUPPLY TO COME ON LINE.

• S1 IS USED TO SUPPLY THE PRIMARY LINES AND IS ALSO USED TO BY-PASS
K2A & K1 AUX TO ACTIVATE AND LOCK ON K1.


Figure 1. Modularized Automatic Power Source Switching Device 
Technique

Install filters immediately upstream of all interfaces in pneumatic
systems to control dirt and water contamination.

Benefits

Proper use of filters prevents contaminated gas from interfering with
component and system operation and provides the following benefits:


• Decreased component failure caused by contamination. 

• Efficient and effective means of servicing system/equipment by 
filter cleaning or replacement. 

• Increased system availability due to reduction in system 
maintenance. 

Key Words

Pneumatic, Protection, Contamination

Application Experience

Apollo, National Space Transportation System, Pneumatic Ground
Support Systems

Technical Rationale

System gas must be conditioned before it is allowed to enter a new
system. Installing filters immediately upstream of interfaces achieves
this objective and also reduces dirt and water contamination that can
interfere with component and system operation.

Contact Center

Kennedy Space Center (KSC)
Pneumatic System Contamination Protection

Technique OPS-11

No matter how well a system is designed or 
how expensive, particulate-contaminated gas 
interferes with component and system 
operation. System gas must be conditioned;
it must be decontaminated before it is
allowed to enter a pneumatic system. The
KSC design standard for pneumatic systems 
defines the following requirements for filters: 

• Filters shall be installed immediately
upstream of all interfaces where control of
particulate matter is critical and at other 
appropriate points as required to control 
particulate migration. 

• Selection of filters shall be made only after 
analysis of overall system performance 
requirements. This ensures maximum 
protection of critical components and 
minimal performance penalty (pressure 
drop). 

• Filter housings and elements shall be 
constructed of 300 series stainless steel to 
reduce particulate contamination due to 
corrosion. Seal materials shall conform to 
manufacturer's recommendations and the 
requirements specified herein. The element 
construction should be welded instead of 
soldered whenever possible to simplify 
cleaning. Where 300 series stainless steel 
is specified, type 303 and other austenitic 
stainless steels should be avoided whenever 
possible because of susceptibility to stress 
corrosion cracking. However, overall cost 
should be the deciding factor. 

• Filter elements shall maintain filtering
quality and not be damaged in any way
when subjected to worst-case system
conditions (i.e., maximum design flow rate
and element clogged to its maximum
design capability).

Providing unconditioned gas in a pneumatic
system will have the following effects:

• Degraded system performance because of 
contamination. 

• Increased maintenance cost and downtime 
to recover from problems induced by 
contamination. 

• Decreased system availability. 

References 

1. KSC-SD-Z-0005A, Standard for Design
of Pneumatic Ground Support Equipment.

2. Parker-Hannifin Corp., Bulletin 0225-B1,
Fluid Power.